Microsoft confirms a CYBERATTACK was behind the newest outage
Microsoft has confirmed that its latest global outage was caused by a malicious cyberattack.
The outage saw Outlook email services, Xbox Live, and even Minecraft go down for almost 10 hours yesterday afternoon – just two weeks after millions were affected by global outages.
Microsoft now admits that its services were taken out by a Distributed Denial of Service (DDOS) attack which was ‘amplified’ by an error in the company’s cyber defences.
Experts say the true culprits may never be identified but that they were likely encouraged to strike by Microsoft’s recent service troubles.
Sylvain Cortes, vice president of strategy at cybersecurity firm Hackuity, told MailOnline: ‘Rogue actors, cybergangs, and nation-states alike leverage these tactics, so further investigation is required to determine the origin of the threat.’
Microsoft says that its latest spate of outages was triggered by a cyberattack which the company’s defences failed to prevent
This comes just two weeks after 8.5 million devices were affected by a faulty security update from cybersecurity firm CrowdStrike. Pictured: a screen at JFK Airport Terminal 1 displays a blue recovery mode message
Yesterday, thousands of users reported issues accessing Microsoft services.
At the time, the tech giant’s service status website showed an alert for ‘network infrastructure,’ which is critical for connectivity and communication between users, apps, devices and the internet.
In a post on X (formerly Twitter) earlier that day, Microsoft had written: ‘We are investigating reports of issues connecting to Microsoft services globally. Customers may experience timeouts connecting to Azure services.’
Microsoft Azure is a cloud computing service which provides data access and management services for a wide number of different clients.
Azure also provides the centralised computer backbone for many of Microsoft’s own services such as Outlook and Xbox Live which were all affected by the disruption.
In a post on X, formerly Twitter, Microsoft said that it was experiencing widespread issues with Microsoft 365 services such as the email system Outlook
Microsoft Azure showed that it was experiencing network infrastructure issues which were affecting a subset of services
Today, in an update on the Microsoft Azure website, Microsoft now says these issues were caused by a cyberattack that the firm failed to properly defend.
Specifically, Microsoft says a preliminary investigation shows that their servers had been the target of a DDOS attack.
This is a very basic form of cyberattack in which the malicious party sends vast amounts of internet traffic to a website or server so that legitimate web traffic can’t get through.
While they have been used widely by hacktivist groups around the world, these attacks generally cause limited and temporary disruption.
However, Microsoft writes: ‘Initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it.’
Microsoft now says that Outlook, Xbox Live, and Minecraft were taken offline by a Distributed Denial of Service (DDOS) attack which was amplified by their own systems
Pieter Arntz, senior threat researcher at cybersecurity firm Malwarebytes, explains that sometimes errors in the victim’s own systems will boost the power of a DDOS attack.
Mr Arntz told MailOnline: ‘Rather than fending off the attack, something in Microsoft’s cloud architecture overreacted and made things worse.
‘It’s very similar to how an ignorant person can ask more questions in an hour than a wise man can answer in a lifetime.’
It is also not clear whether the attackers intended their disruption to spread so widely or whether they had more specific goals in mind.
Unlike the previous outage which caused disruption at airports around the world (Pictured) this latest outage was triggered by a malicious attack from an unknown group
Mr Cortes says: ‘Attackers inflict as much pain as they need to achieve their ends. Sometimes the collateral damage extends further than even they expected.
‘At this time, we can only speculate on the intentions behind this specific attack.’
No known organisation or group is yet to claim responsibility for the attack, which makes it unlikely that the true identity of the attackers will ever be revealed.
However, some experts suggest that attack could have been a carried out by a hacktivist group.
DDOS attacks are a fairly basic form of cyberattack and have been used successfully in the past by groups like Anonymous or the IT Army of Ukraine.
David Higgins, senior director of the Field Technology Office at CyberArk, told MailOnline that this would not be the first time Microsoft has been a target for hacktivists.
Microsoft Azure provides the cloud computing services for Microsoft products like Xbox Live and Minecraft. As its own defences overreacted to the DDOS attack many products using Azure were affected
Mr Higgins says: ‘It could be a Hacktivist group again, looking to perhaps show how reliant organisations around the world are on their IT services from Microsoft and in general.
‘Following the recent global outage from the Crowdstrike update; service disruption is clearly on the world radar.’
However, Mr Higgins also points out that cybercrimals and nation-states also employ these techniques so there is not enough information to determine who the attacker was.
DDOS attacks generally harness large networks of compromised computers which makes it difficult to trace the attack back to a single source.
Jake Moore, global cybersecurity advisor at ESET, told MailOnline: ‘Such attacks are rarely attributed to anyone as the perpetrators can easily hide and evade detection.’
However, Mr Moore points out that the cybercriminals behind the attack were likely emboldened by Microsoft’s recent troubles.
Cybersecurity experts told MailOnline that the criminals or nation behind the attack were likely emboldened by seeing the massive problems Microsoft faced with service outages in previous weeks
He says: ‘Since the large CrowdStrike outage, it can be assumed that cybercriminals around the globe will now attempt attacks considered unthinkable before.
‘From what we have seen over the last couple of weeks we have learnt to expect the unexpected more than ever. To witness two major outages in such a short space of time is unprecedented but maybe not entirely independent.’
Microsoft says that the service was back to normal by 21:48 BST but not before widespread disruption caused frustration for thousands of customers.
That included many using Microsoft’s Xbox Live gaming platform and those trying to log in to the popular video game Minecraft.
Big corporations were also affected by the attack including Cambridge Water which wrote in a post on X that ‘due to worldwide issues with Microsoft Azure, a problem with our website is affecting several services including MyAccount and PayNow.’
The attack came at an especially bad time for the company as it brought service to a standstill just hours before Microsoft was due to present its latest financial update.
Tens of thousands of flights were cancelled across the globe as CrowdStrikes ‘Falcon Sensor’ update caused Windows to crash
On X, many users vented their frustration with Microsoft’s faulty servers which had once again gone down
Others bemoaned Microsoft’s centralised systems which allowed disruption to spread widely across different services
This comes just two weeks after a faulty software update from cybersecurity firm CrowdStrike knocked 8.5 million Microsoft devices offline.
The incident impacted Microsoft’s 365 apps and Azure service, which are used by more than 50 per cent of Fortune 500 companies and eight of the top financial institutions across 43 US states.
Major government offices were forced to close including the Social Security Administration which said the incident had shut down numerous services.
Most visibly, thousands faced delays while preparing to fly as the Microsoft-powered systems of airlines crashed.
Tens of thousands of flights were cancelled across the globe as CrowdStrikes ‘Falcon Sensor’ update caused Windows to crash – leaving many with the infamous ‘blue screen of death’.
MailOnline has contacted Microsoft for comment.
