Microsoft has officially confirmed that the recent outage affecting its services, including Azure, Outlook, and OneDrive, was the result of cyber attacks. The announcement was made in a blog post titled “Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks.”
Initially, the incident was attributed to technical issues. However, it has now been revealed that targeted layer 7 DDoS attacks were responsible for the outage. Anonymous Sudan, a notorious hacker group, claimed responsibility for the attack and openly taunted Microsoft in online posts.
Prior to the confirmation by Microsoft, The Cyber Express had reported on the OneDrive outage, which left thousands of users unable to access their files and documents. Shortly after the incident, screenshots of Telegram posts by Anonymous Sudan surfaced, providing evidence of their involvement in the cyber attack. The hacker group boasted about causing the outage and hinted at carrying out similar attacks on other Microsoft services in the future.
Microsoft has acknowledged the claims made by Anonymous Sudan and assured its customers that it is actively investigating the matter. The company has taken necessary steps to protect its customers and ensure the stability of its services. Microsoft clarified that there is currently no evidence suggesting that customer data has been compromised or accessed.
Layer 7 DDoS attacks target the application layer rather than the network itself, and aim to exhaust system resources by overwhelming them with a high load of SSL/TLS handshakes and HTTP(S) requests. This strains the application backend and degrades availability. The cybercriminals behind these attacks, known as Storm-1359 or Anonymous Sudan, have access to a collection of botnets and tools that enable them to launch attacks from multiple cloud services and open proxy infrastructures.
To combat similar layer 7 DDoS attacks, Microsoft advises its customers to implement layer 7 protection services such as Azure Web Application Firewall (WAF), which is available with Azure Front Door and Azure Application Gateway. The company recommends utilizing the bot protection managed rule set, blocking malicious IP addresses and ranges, and implementing custom WAF rules to automatically block and rate limit known signature attacks.
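The two request-level controls recommended above, blocking listed IP ranges and rate limiting per client, can be illustrated with the following added example. It is not Microsoft's code or Azure WAF rule syntax; the window, the limit, the blocked range and the sample traffic are constructed for illustration using documentation address ranges.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed values for illustration only (assumptions, not Azure defaults).
BLOCKED_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
WINDOW_SECONDS = 10
MAX_REQUESTS_PER_WINDOW = 5


def evaluate(requests, blocked=BLOCKED_RANGES,
             window=WINDOW_SECONDS, limit=MAX_REQUESTS_PER_WINDOW):
    """Return (timestamp, ip, action) per request; input is sorted by time."""
    recent = defaultdict(deque)  # ip -> timestamps of allowed requests in window
    decisions = []
    for ts, ip in requests:
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in blocked):
            decisions.append((ts, ip, "block"))
            continue
        q = recent[ip]
        # Drop timestamps that have fallen out of the sliding window.
        while q and ts - q[0] >= window:
            q.popleft()
        if len(q) >= limit:
            # Rejected requests do not consume window capacity.
            decisions.append((ts, ip, "rate_limit"))
            continue
        q.append(ts)
        decisions.append((ts, ip, "allow"))
    return decisions


def summarize(decisions):
    """Count actions per client IP."""
    counts = defaultdict(lambda: defaultdict(int))
    for _, ip, action in decisions:
        counts[ip][action] += 1
    return {ip: dict(actions) for ip, actions in counts.items()}


# Constructed sample traffic as (epoch_seconds, client_ip) pairs.
SAMPLE = sorted(
    [(1000 + i * 0.5, "198.51.100.7") for i in range(20)]  # sustained 2 req/s
    + [(1000 + i * 4, "192.0.2.10") for i in range(5)]     # ordinary client
    + [(1001, "203.0.113.50"), (1002, "203.0.113.51")]     # inside blocked range
)

if __name__ == "__main__":
    for ip, actions in summarize(evaluate(SAMPLE)).items():
        print(ip, actions)
```

Per-IP limits alone are weak against traffic spread across many cloud and open-proxy sources, which is why the recommendations pair them with bot protection rules and signature-based custom rules.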
In an effort to increase awareness and encourage users to implement necessary security measures, Microsoft is actively investigating the cyber attack and sharing insights into its nature. The company urges customers to review the technical details and recommended actions outlined in its blog post to strengthen the resilience of their environments against layer 7 DDoS attacks.
As the investigation continues, it is important for users to stay vigilant and ensure they have implemented the necessary security measures to protect their data and systems. Microsoft’s acknowledgment of the cyber attack and its efforts to address the situation provide reassurance to its customers and demonstrate the company’s commitment to cybersecurity.
Please note that the information provided in this article is based on internal and external research obtained through various means. Readers are encouraged to review the original blog post by Microsoft for more detailed and up-to-date information.