ADVERTISEMENT

Company News

Microsoft Azure Attack Shows Persistence of Blunt Hacking Tool

NEW YORK, NY - MARCH 13: A signage of Microsoft is seen on March 13, 2020 in New York City. Co-founder and former CEO of Microsoft Bill Gates steps down from Microsoft board to spend more time on the Bill and Melinda Gates Foundation. (Photo by Jeenah Moon/Getty Images) (Jeenah Moon/Photographer: Jeenah Moon/Getty )

(Bloomberg) -- The recent outage on Microsoft Corp.’s cloud-computer platform demonstrated the persistence of an older, blunt-force style of cyberattack.

It’s called a distributed denial-of-service attack, DDoS for short, and it works by directing massive amounts of junk internet traffic at a target, like a website or server, to disrupt it or even knock it offline. It’s become a favorite tool of hacktivists seeking to make a statement by targeting government institutions, banks or major companies. 

The attack on Microsoft started Tuesday morning, hours before the technology giant was scheduled to announce quarterly earnings. Customers of its Azure cloud platform faced outages for hours. Mobile ordering at Starbucks Corp. was down, as were certain online services from the UK government’s courts and tribunals service and the Dutch football club FC Twente. Microsoft 365, which includes popular applications like Outlook and Excel, was also impacted. 

To make matters worse, an error in Microsoft’s automated defense mechanism “amplified” the attack instead of mitigating it, the company said in a status update. 

DDoS attacks were once considered a “solved problem,” according to Boaz Gelbord, chief security officer at Akamai Technologies Inc. “Attackers could clog the pipes, and then providers could buy bigger pipes, and then they’d be safe from DDoS.”

But today, they are cheaper and easier than ever and can even be purchased on the dark web for as little as $11, according to Akamai.

“One of the phenomena we’ve seen in recent years is DDoS attacks resurging,” Gelbord said.“They’re a problem for small sites, but especially now for enterprise companies. It used to be the opposite.”

DDoS attacks, which have been around for decades, aim to flood web servers with so much traffic that they become virtually inaccessible to legitimate users. The proliferation of internet-connected devices has helped intensify the attacks. Specialized malware is used to infect everything from smart TVs and fitness trackers to baby monitors and video cameras. The malware weaves those infected devices into a single network known as a “botnet,” a zombie army that can be directed to overwhelm servers with millions of requests at once.

Aside from making political statements, DDoS attacks are sometimes part of broader extortion schemes in which hackers seek a payment to make them stop. It’s not yet clear who was behind the Microsoft attacks.

DDoS mitigation efforts often involve filtering out malicious traffic. However, requests from bots — those zombie computers — can look nearly identical to requests from real users, said Pavel Odintsov, chief technology officer of DDoS-mitigation company FastNetMon. Odintsov and five other DDoS experts told Bloomberg News that Microsoft likely exacerbated the impacts of Tuesday’s attack by blocking out real Azure users in its attempt to isolate illegitimate ones. 

A Microsoft spokesperson said “a network device misconfiguration” contributed to the service interruption, but didn’t provide further details. The company is still investigating the Azure outage, which has now been fully resolved, the spokesperson said.

“When you have a hammer, everything is a nail,” Odintsov said. “It’s quite easy to make a mistake and block real customers.” Over the past four years, Odintsov said, the number of DDoS attacks his company has observed has approximately doubled each year.

DDoS attacks are getting tougher to defend against, Gelbord said, because botnets are getting bigger and more accessible. With an ever-increasing number of web-connected devices and gadgets, cybercriminals have more potential electronic devices to enlist as unwitting participants in their attacks. “You have much more readily available botnet armies,” Gelbord said. “It’s almost like an industry. You can rent them for hire, fairly inexpensively.” 

On Wednesday, the FBI and the Cybersecurity and Infrastructure Security Agency, known as CISA, jointly warned of potential DDoS attacks during the upcoming 2024 US presidential election. The attacks have been used in the past to target election infrastructure, and the government agencies said they will likely be used again for the same purpose.

In Venezuela, DDoS attacks have spiked tenfold since President Nicolás Maduro declared victory in a disputed election, according to NetScout Systems Inc. Political demonstrations have erupted on the streets of Caracas to protest what some are calling a fraudulent win.

“It’s not a specific hacktivist group, but a form of digital protest to real-world events,” said Richard Hummel, a senior threat intelligence manager at NetScout. “This is cyberactivity where adversaries are trying to effect chaos.”

 

--With assistance from Charles Gorrivan.

©2024 Bloomberg L.P.