Cloud Security , Cybercrime , Fraud Management & Cybercrime

Microsoft Azure Cloud Service Fails to Withstand DDoS Attack

Tech Giant Blames DDoS Defense Implementation Error for Failing to Mitigate Attack
Microsoft Azure Cloud Service Fails to Withstand DDoS Attack
A Microsoft Azure outage on Tuesday affected the Starbucks mobile ordering app. (Image: Shutterstock)

Microsoft blamed a widespread outage Tuesday on a distributed denial-of-service attack as well as its own IT errors.

See Also: 2024 Threat Hunting Report: Insights to Outsmart Modern Adversaries

The company said the DDoS attack overwhelmed its Azure Front Door and Azure Content Delivery Network components, "leading to intermittent errors, timeout and latency spikes." Microsoft bills AFD as a content delivery network designed to mitigate DDoS attacks against its Azure cloud computing platform. It distributes attack traffic across 192 edge points of presence worldwide, enabling it "to intercept and geographically isolate large-volume attacks."

While the attack triggered Microsoft's DDoS defenses, "initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it," the company said late Tuesday after restoring service.

Microsoft’s Azure status history page shows the incident started at approximately 11:45 UTC and ended at 19:43 UTC. "A subset of customers may have experienced issues connecting to a subset of Microsoft services globally," the computing giant said.

The Azure and Microsoft 365 outage comes less than two weeks after a faulty CrowdStrike update crashed 8.5 million Windows PCs, servers and virtual machines, causing global chaos. CrowdStrike said its internal testing processes failed to work as intended. Experts asked why Windows hosts failed to automatically recover from the faulty update, consigning multitudes of IT teams to work around the clock to manually restore crashed machines.

"It seems slightly surreal that we're experiencing another serious outage of online services from Microsoft," cybersecurity expert and professor Alan Woodward told the BBC. "You'd expect Microsoft's network infrastructure to be bomb-proof."

Among the affected Azure customers was American coffee giant Starbucks, whose mobile ordering app went offline for hours, reported Bloomberg. The app has become so central to Starbucks that some of its airport locations only accept mobile orders. Around 1,450 frustrated coffee drinkers reported app outages to Downdetector. The Starbucks app was also heavily affected by the CrowdStrike-induced outage.

Microsoft pledged to publish a preliminary incident report within about 72 hours of the Tuesday outage being resolved and a more complete final incident review within about 14 days.

This isn't the first time DDoS attacks have scuttled Azure services. In June 2023, Microsoft eventually blamed weeks of outages plaguing Azure and Microsoft 365 on DDoS attacks carried out by a pro-Russian hacktivist group.

The back-to-back outages highlight how network effects and market consolidation amplify the effects of digital snafus. "We've engineered social systems that are extremely prone to catastrophic risk because we have optimised to the limit, with no slack, in hyper-connected systems. A tiny failure is now an enormous one," said University College London academic Brian Klaas after the CrowdStrike outage.

The end of the world, joked cybersecurity researcher Costin Raiu to CNN, won't "be AI taking over some kind of nuclear power plant and shutting down electricity." Rather, he said, "It's more likely to be some kind of a little bit of code in a botched update, causing a cascade reaction in interdependent cloud systems.”


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.