In early June, Microsoft announced that cyberattacks caused its service disruptions. In addition to Outlook email, OneDrive file-sharing, and the company’s cloud computing platform, the company’s flagship office suite was affected. It has now been confirmed by the software giant that Distributed Denial of Service (DDoS) attacks were perpetrated by a mysterious entity called Storm-1359.
The Attackers and Their Objectives
The company did not provide much information, but it did reveal that the attacks were aimed at disrupting the company and generating publicity. It is believed that the attackers used rented cloud infrastructure and Virtual Private Networks (VPNs) to flood Microsoft servers with junk traffic from zombie computer botnets.
While the attack was attributed to the group Anonymous Sudan via its Telegram social media channel, some suspect Russian entities were behind it. The software giant remained tight-lipped about the number of customers affected or the severity of the attacks.
No Customer Data Compromised
Microsoft says there is no evidence that customer data was accessed or compromised in these attacks. DDoS attacks are disruptive and can make websites unavailable, but they do not penetrate them.
If such attacks succeed in disrupting the services of a global software giant like Microsoft, a significant enabler of global commerce, then millions of people could be affected.
Measuring the Impact and Identifying the Perpetrators
Cybersecurity researcher Jake Williams points out that assessing the real impact of the attack is only possible if Microsoft provides the relevant details; without that information, he explained, the impact cannot be determined. According to him, the fact that Microsoft appears unwilling to provide objective measures of customer impact speaks to its magnitude.
Microsoft still needs to learn who the attackers are, Williams suggested. Investigations into cybersecurity attacks can often take a significant amount of time and can be particularly challenging if the adversary is skilled.
The Rising Threat of DDoS Attacks
The Microsoft incident shows that DDoS attacks continue to pose a threat. Despite Microsoft’s efforts, Edward Amoroso, NYU professor and CEO of TAG Cyber, said the attack has remained a “significant risk.” He added that it may point to the possibility of a “single point of failure.”
A content distribution network, for example, is the best defense against these attacks.
Microsoft’s Disruptions Timeline
As a result of the disruptions to the Microsoft 365 Office suite, Downdetector reported 18,000 outages and problems around 11 a.m. Eastern time. Microsoft confirmed on Twitter that day that OneDrive for Business, Teams, SharePoint Online, and Outlook were affected by the same issue.
Later that week, Microsoft confirmed that its Azure cloud computing platform had also been compromised. OneDrive file-hosting was unavailable globally on June 8, according to BleepingComputer.com. As far as Microsoft is concerned, desktop OneDrive clients are not affected.