New Information on 8-Hour Microsoft Azure Outage: DDoS Attack Confirmed

Aug 8, 2024

The Azure outage that took out numerous services (and impacted numerous organizations) on July 30 was caused by a DDoS attack, Microsoft has recently confirmed. The twist to the story is that a failure in Microsoft’s defense implementation seems to have actually helped the attackers, making the situation worse than it normally would have been.

All told, the DDoS attack caused outages for about eight hours, with Microsoft claiming it had “most” services and customers back up and running in 2.5 hours. The company has not yet confirmed the identity of the attacker, but a “hacktivism” group has claimed responsibility for the Azure outage and has provided some evidence in support.

2023’s spike in DDoS attacks appears to be continuing

While Azure outages can still be described as “infrequent,” Microsoft has developed something of a track record in recent years with one a little over two years ago and then another in January 2023. In both cases, some sort of mistake in a deployment or changeover was the cause. However, in all cases the outages lasted only a few hours.

This is the first in recent memory that can be chalked up to a DDoS attack, but it likely wouldn’t have happened had Microsoft’s implementation been in its regular working order. Does it indicate that there is reason to be seriously concerned about Azure security? This one incident likely does not change anything, but it is not a good look for Microsoft given its recent declaration that security is now the company’s overriding #1 priority.

This also comes amidst something of a renaissance for DDoS attacks, which never went away but did seem to go into remission for several years prior to 2023. Several different studies observed a notable spike that year, and that may be continuing into 2024. Some factors that are driving DDoS attacks are increasing real-world conflicts that prompt them, and the development of devastating new techniques such as the “HTTP/2 Rapid Reset.”

Azure outage was short but widespread

From the standpoint of the average internet user, the Azure outage may have caused temporary downtime for certain online services for a few hours on July 30 (the game Minecraft was a notable example). The DDoS attack window ran from 11:45 UTC to 19:43 UTC that day.

There is not yet an official attribution of the attack, but a group calling itself “Blackmeta” popped up on X and other platforms to take credit. The group claims that it is part of a broader “hacktivism” campaign directed against critical infrastructure in the US and France, but also indicated that it wants to “show off its capabilities” (possibly pointing to offering its services for hire).

Whatever the motivation might be, the attack seems to have been a fluke incident in terms of the level of damage that it caused. A forthcoming technical analysis from Microsoft, expected sometime in the next week or two, should provide more answers.
