Tech Giant Microsoft Attributes Recent Outages On Outlook To A DDoS Hacking Attack

Posted on June 19, 2023 at 8:37 AM

There have been several complaints on social media platforms, especially Twitter, about outages on the Microsoft Outlook platform. In early June, many complaints about Outlook sprang up, with as many as 18,000 users being affected by the outage. Microsoft has now said that this outage was caused by a distributed denial of service (DDoS) attack.

Microsoft attributes recent outages to a DDoS campaign

A report by The Associated Press confirmed the DDoS campaign against the Microsoft Outlook platform. Microsoft has shared minimal details on these outages, and it has yet to issue a statement on the number of affected customers and whether the effect of this attack was global.

The report has also noted that the hacker group known as Anonymous Sudan had already claimed responsibility for this attack on the Telegram social media channel. However, some cybersecurity researchers also believe that the hacker group behind the exploit was Russian.

Microsoft also published a blog post saying that the DDoS attacks on the company had “temporarily impacted availability” of some services. The tech giant also said that the attackers were focused on publicity and disruption of services. The attackers also likely depended on rented cloud infrastructure and virtual private networks to attack Microsoft servers using botnets made up of zombie computers around the world.

“Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359,” Microsoft said.

However, the blog post published by the company does not mention whether the company has everything under its control or whether this attack disappeared on its own. The Twitter account for Microsoft 365 has also tweeted about this outage, which happened on June 5 and later during the day. It further said that the issue appeared to be under control the next morning.

According to Microsoft, there was no evidence showing that customer data was accessed or compromised during this campaign. DDoS attacks have become increasingly popular, with such attacks making websites unreachable without the attacker having to break into them.

Security experts have said that DDoS campaigns can disrupt the work of millions of people if they successfully interrupt the services offered by Microsoft. For instance, Microsoft Outlook is used to support a vast network of global commerce activities.

As mentioned above, Anonymous Sudan has been linked to this attack. This hacker group has remained active since at least January. Cybernews reported the attack after it happened; it lasted for around one and a half hours before it stopped.

Microsoft shares minimal details on this attack

Jake Williams, a former offensive hacker at the National Security Agency, was among the people that were quoted in the article published by The Associated Press. Williams said that there was no way to determine the effect of this attack as Microsoft was yet to provide this information. Williams also said that he was not previously aware of Microsoft Outlook having been massively affected by such an exploit in the past.

Williams has also said that while the attack was ongoing, some resources remained inaccessible while others were still accessible. He noted that such events happen with DDoS campaigns against globally distributed systems. He also said that the failure of Microsoft to offer an objective measure of customer impact “speaks to the magnitude.”

In 2021, Microsoft mitigated what was once ranked as one of the largest DDoS attacks in history. The DDoS campaign in question lasted for over ten minutes, with the online traffic peaking at 2.4 terabits per second (Tbps). Last year, a DDoS campaign peaked at 3.47 Tbps.

The volume of this DDoS attack that happened in June is yet to be determined, but cybersecurity researchers believe that the impact was massive, as it had the potential to take the servers offline.

The blog post published by Microsoft on this matter said that the attack targeted OSI layer 7. OSI layer 7, the application layer, is where applications access network services and where apps such as email request their data.

Microsoft has also said that the hackers deployed botnets to launch the DDoS campaigns “from multiple cloud services and open proxy infrastructures.” It also said that the hacker group seemed to be focused on publicity and disruption of services. As such, the campaign was not motivated by monetary gain.
