• by Ray Schultz , September 29, 2020

Microsoft 365 users were hit with a massive outage on Monday, affecting Outlook, Azure, Microsoft Teams and other services.  

The company says it has resolved the issue. But those hit by the outage are speculating as to the cause of the failure.  

“Could this be a test cyberattack?” one Microsoft user wrote on downdetector Tuesday morning. “Why nothing reported in China or Russia?”

The Cybersecurity Infrastructure Security Agency (CISA) has determined that at this point, there is “no indication of a broader coordinated campaign,” according to ABC News. 

Microsoft also says there is no sign the outage was caused by an attack. 

The disruption apparently peaked around 7 p.m., when downdetector received almost 20,000 reports. 

Of those complaints, 56% concerned logins, 30% involved service connections and 12% concerned Outlook. 

The downturn affected the Northeastern and South-central U.S., according to the downdetector map. 

The outage interfered with job interviews, completion of school assignments and other activities, reports state. 

By 9:30 p.m., the company tweeted that “most users should be experiencing relief.” 

At midnight, Microsoft 365 Status reported that it had resolved a residual issue affecting “a subset of customers within North America.”

On downdetector, users speculated whether the problem was due to a cyber attack. 

Perhaps coincidentally, Microsoft on Tuesday released the Microsoft Digital Defense Report, a study showing the increasing sophistication of cyber attacks.

The company reports that it blocked over 13 billion malicious and suspicious emails in 2019, over 1 billion of which were URLs set up to launch phishing credential attacks. 

Nation-state actors are “engaging in new reconnaissance techniques that increase their chances of compromising high-value targets,” writes Tom Burt, corporate vice president, consumer security & trust for Microsoft.

In addition, “criminal groups targeting businesses have moved their infrastructure to the cloud to hide among legitimate services, and attackers have developed new ways to scour the internet for systems vulnerable to ransomware,” Burt adds. 

The most common attack techniques used by nation-state actors in the past year are reconnaissance, credential harvesting, malware and virtual private network (VPN) exploits, Burt says.