(Photo by Aleksander Kalka/NurPhoto via Getty Image)
Tuesday’s Microsoft outage has been traced to a DDoS attack that temporarily took down the company’s Azure cloud service.
The attack sent a flood of internet traffic that disrupted global access to Microsoft’s 365 and Azure services for about eight hours. During the outage, the company hinted that a DDoS attack might have been involved with Microsoft's status reports noting an “unexpected usage spike.”
Redmond has since confirmed that a DDoS attack was the “initial trigger event” behind Tuesday’s outage. To stop the attack, the company’s DDoS protection mechanisms automatically kicked in. But ironically, Microsoft says: “initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it.”
The outage, which began at around 7:45 a.m. EST, prompted Microsoft to make several network configuration changes. By 10:10 a.m., the initial network changes “successfully mitigated [the] majority of the impact,” although some customers still reported trouble accessing Microsoft services. It wasn’t until 2 p.m. that Microsoft addressed the rest of the problem.
This comes as DDoS attacks have been growing in intensity. Earlier this month, France-based OVHCloud fended off a record-breaking DDoS assault that reached 840 million packets per second. Such attacks can be launched when a hacker uses an army of computers—such as PCs, servers, or IoT devices—to bombard an internet service or website with traffic, overwhelming the IT systems and forcing them offline.
It's unclear who attacked Microsoft, although two hacktivist groups have claimed responsibility. The company didn’t immediately respond to a request for comment, but promised in its status report to publish a preliminary review of the incident in the next 72 hours.
“After our internal retrospective is completed, generally within 14 days, we will publish a Final Post Incident Review with any additional details and learnings,” the company added.