Microsoft 365 users were hit with a massive outage on Monday, affecting Outlook, Azure, Microsoft Teams and other services.
The company says it has resolved the issue. But those hit by the outage are speculating as to the cause of the failure.
“Could this be a test cyberattack?” one Microsoft user wrote on Downdetector Tuesday morning. “Why nothing reported in China or Russia?”
The Cybersecurity Infrastructure Security Agency (CISA) has determined that at this point, there is “no indication of a broader coordinated campaign,” according to ABC News.
Microsoft also says there is no sign the outage was caused by an attack.
The disruption apparently peaked around 7 p.m., when Downdetector received almost 20,000 reports.
Of those complaints, 56% concerned logins, 30% involved service connections and 12% concerned Outlook.
The outage affected the Northeastern and South-central U.S., according to the Downdetector map.
The outage interfered with job interviews, completion of school assignments and other activities, reports state.
By 9:30 p.m., the company tweeted that “most users should be experiencing relief.”
At midnight, Microsoft 365 Status reported that it had resolved a residual issue affecting “a subset of customers within North America.”
On Downdetector, users speculated whether the problem was due to a cyber attack.
Perhaps coincidentally, Microsoft on Tuesday released the Microsoft Digital Defense Report, a study showing the increasing sophistication of cyber attacks.
The company reports that it blocked over 13 billion malicious and suspicious emails in 2019, over 1 billion of which were URLs set up to launch phishing credential attacks.
Nation-state actors are “engaging in new reconnaissance techniques that increase their chances of compromising high-value targets,” writes Tom Burt, corporate vice president, consumer security & trust for Microsoft.
In addition, “criminal groups targeting businesses have moved their infrastructure to the cloud to hide among legitimate services, and attackers have developed new ways to scour the internet for systems vulnerable to ransomware,” Burt adds.
The most common attack techniques used by nation-state actors in the past year are reconnaissance, credential harvesting, malware and virtual private network (VPN) exploits, Burt says.