When Microsoft Outlook went down earlier this month, leaving users unable to access the email service, observers wondered whether it was caused by a Spectrum outage then taking place, or if it was a simple system failure on Microsoft’s part.
It was neither. Microsoft reported on Friday that the outage was due to a cyber attack.
“Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability,” Microsoft writes. “Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359.”
The company is quick to add: “We have seen no evidence that customer data has been accessed or compromised.” But it apparently was a serious episode.
To get technical, this recent distributed denial-of-service (DDoS) activity “targeted layer 7 rather than layer 3 or 4,” Microsoft writes. “Microsoft hardened layer 7 protections including tuning Azure Web Application Firewall (WAF) to better protect customers from the impact of similar DDoS attacks.”
Microsoft determined that Storm-1359 “has access to a collection of botnets and tools that could enable the threat actor to launch DDoS attacks from multiple cloud services and open proxy infrastructures. Storm-1359 appears to be focused on disruption and publicity.”
These layer 7 DDoS attacks take several different forms:
Microsoft halted the attack, but acknowledges that more work is needed. “While these tools and techniques are highly effective at mitigating the majority of disruptions, Microsoft consistently reviews the performance of its hardening capabilities and incorporates learnings into refining and improving their effectiveness,” it says.