Microsoft has said that the outages that affected certain services of the company through some of the earlier days of this month were the result of cyberattacks, but said it saw no evidence of any customer data being accessed or compromised.
"Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability'" the company said in a blog post.
Microsoft said it opened an investigation and began tracking the DDoS activity by the threat actor it refers to as Storm-1359 after it identified the threat.
Microsoft did not immediately respond to a request by Reuters as to whether the company had identified the party responsible for the attack.
DDoS attacks work by directing high volumes of internet traffic towards targeted servers in a relatively unsophisticated bid to knock them offline.
Microsoft's 365 software suite, including Teams and Outlook, were down for more than two hours for over thousands of users on June 5 and a brief recurrence the following morning. That was the fourth such outage for Microsoft in a year.
“We really have no way to measure the impact if Microsoft doesn’t provide that info,” said Jake Williams, a prominent cybersecurity researcher and a former National Security Agency offensive hacker. Williams said he was not aware of Outlook previously being attacked at this scale.
“We know some resources were inaccessible for some, but not others. This often happens with DDoS of globally distributed systems,” Williams added. He said Microsoft's apparent unwillingness to provide an objective measure of customer impact “probably speaks to the magnitude.”
Pro-Russian hacking groups including Killnet — which the cybersecurity firm Mandiant says is Kremlin-affiliated — have been bombarding government and other websites of Ukraine's allies with DDoS attacks. In October, some US airport sites were hit. Analyst Alexander Leslie of the cybersecurity firm Recorded Future said it's unlikely Anonymous Sudan is located as it claims in Sudan, an African country. The group works closely with Killnet and other pro-Kremlin groups to spread pro-Russian propaganda and disinformation, he said.
The Associated Press quoted Edward Amoroso, NYU professor and CEO of TAG Cyber, as saying that the Microsoft incident highlights how DDoS attacks remain “a significant risk that we all just agree to avoid talking about. It’s not controversial to call this an unsolved problem.”
He said Microsoft's difficulties fending of this particular attack suggest “a single point of failure.” The best defense against these attacks is to distribute a service massively, on a content distribution network for example.
