June Microsoft 365 outages were DDoS attacks

By on
June Microsoft 365 outages were DDoS attacks

An investigation by Microsoft suggests a threat actor named Storm-1359 launched distributed denial of service attacks earlier this month, impacting availability of the company's services.

Thousands of Microsoft 365 customers experienced issues connecting to services last week, including Teams an dOutlook Web Access.

In an incident post mortem published over the weekend, Australian time, Microsoft pointed to Storm-1359 as having launched DDoS attacks to create disruption for publiciity purposes.

The threat actor used multiple virtual private servers, rented cloud infrastructure, open proxies and "DDoS tools" Microsoft said.

Attacks were launched at the application network layer 7 rather than 3 or 4, which Microsoft protects with the Azure Web Application Firewall.

Microsoft saw no evidence of any customer data being accessed or compromised.

Storm-1359 has been observed to launch several types of layer 7 DDoS attacks, Microsoft's Security Response Centre said.

The threat actor has attempted to exhaust system resources by sending millions of clear-text and secured hyper text transfer protocol requests, to run up processor and memory usage.

Similarily, Storm-1359 has attempted to bypass caching servers and to use the "Slowloris" attack with incomplete network connections that remain open, in an effort to exhaust system resources.

 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © CRN Australia. All rights reserved.
Tags:
azure cloud microsoft security

Partner Content

Bringing the cyber security lessons of 2022 into 2023
Bringing the cyber security lessons of 2022 into 2023
Securing, automating the edge are Australian MSPs’ key priorities this year
Securing, automating the edge are Australian MSPs’ key priorities this year
AusCERT focuses on preventative action, lifting the knowledge of communities
AusCERT focuses on preventative action, lifting the knowledge of communities
What partners need to know about SMBs and the cloud
What partners need to know about SMBs and the cloud
How to give home and remote workers an equal voice in hybrid meetings
How to give home and remote workers an equal voice in hybrid meetings

Sponsored Whitepapers

How can partners develop sustainability strategies? A Canalys ebook for Schneider Electric
How can partners develop sustainability strategies? A Canalys ebook for Schneider Electric
ArrowSphere: The cloud delivery and management platform for powering digital growth
ArrowSphere: The cloud delivery and management platform for powering digital growth
Wasabi Focuses On Just One Thing: Providing the Best Cloud Storage Solution in the World
Wasabi Focuses On Just One Thing: Providing the Best Cloud Storage Solution in the World
How vulnerability scans identify & protect against cyberthreats before criminals locate them
How vulnerability scans identify & protect against cyberthreats before criminals locate them
Monitoring & automation: A primer for MSPs
Monitoring & automation: A primer for MSPs

Most Read Articles

Thales to acquire Tesserent for $176m

Thales to acquire Tesserent for $176m
Tough PC market, but outlook optimistic at Dicker Data

Tough PC market, but outlook optimistic at Dicker Data
Kinetic IT wins multi-million dollar ATO contract

Kinetic IT wins multi-million dollar ATO contract
Construction of NEXTDC&#8217;s $1 billion S3 data centre in Sydney is complete

Construction of NEXTDC’s $1 billion S3 data centre in Sydney is complete

Log In

Email:
Password:
  |  Forgot your password?