Cyber attack and bug cause of the Microsoft Cloud outage on 30.7.2024

On July 30, 2024, there was a partial outage of Microsoft cloud services (Azure, Microsoft 365, etc.) worldwide. I reported on it at the time, though not all users were affected. Microsoft has now published a post-incident report and identified the initial causes. The problems were triggered by a DDoS attack that led to an overload. A bug in the routines for defending against such cases then exacerbated the consequences of the attack. A hacker group with a political focus on the Middle East conflict claims responsibility for the attack.



Problems with the Microsoft Cloud

I reported in the article Microsoft Entra / MS 365 down (July 30, 2024) about issues with the performance of Microsoft's cloud services. A reader informed me at around 2:29 pm on July 30, 2024 that Microsoft Entra had been unavailable for 2 hours. Those affected reported that the Microsoft 365 services were no longer available or were responding very slowly. But not all users among the readership were affected.

While some readers did not experience any problems, Fred reported that logging in to the administrator console was delayed by 15 minutes. My attempt to access the Azure status pages was rejected with "Our services aren't available right now". One reader reported problems in Microsoft Defender; opening Assets – Devices took forever and then failed with the message "no data available". Dependent solutions from third-party providers also had problems, as Rolf notes here. He could no longer use German software from Lexware because the product probably depends on Microsoft cloud services.

DDoS attack and a bug as the cause

I had already added the note from Microsoft, obtained from the Azure status history, to the article Microsoft Entra / MS 365 down (July 30, 2024). The causes are interesting:

  • An unexpected spike in usage caused the Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components to operate below acceptable thresholds, resulting in intermittent errors, timeouts and latency spikes.
  • The cause of the load spike was a distributed denial-of-service (DDoS) attack that activated Microsoft's DDoS protection mechanisms. This would not actually be a problem, as that is what the protection mechanisms are there for.
  • However, initial investigations by Microsoft indicate that an error in the implementation of the DDoS defense measures intensified the effects of the attack instead of mitigating them.

No company is immune to DDoS attacks and Microsoft has experienced many such attacks in the past. The DDoS attacks by Anonymous Sudan have already pushed the Microsoft Cloud to its limits (see links at the end of the article).

According to this tweet, a politically active group called SN_Darkmeta is taking responsibility for the DDoS attack. Whether this is true or not, I cannot judge. This tweet shows screenshots of the ongoing attack on Azure.

The consequences of the cloud

The feedback from my German blog readers ranges from "nothing worked" to "no noticeable impairments". If I search the internet for AWS or Google Cloud outages, there are not too many hits. When there's trouble, it's usually Microsoft's cloud that's affected. I guess Microsoft's strategists have simply become victims of their own success.



Similar articles:
Exchange Online down for hours (June 5, 2023)
Outlook.com and OneDrive down – consequence of cyber attacks? (June 8, 2023)
Microsoft Azure outage (June 9, 2023); what's going on?
Microsoft's cloud outage was result of a DDoS attack
Cloud outages: Microsoft reveals details of DDoS attack by Anonymous Sudan/Storm-1359
Anonymous Sudan: Microsoft denies data leak of 30 million customer accounts

