
Aug 2024

Cyber report spotlight: DDoS-as-a-Service used in six-day DDoS attack

A July Distributed Denial of Service (DDoS) attack on Microsoft, which led to availability issues, was amplified, rather than prevented, by its DDoS protection.


What happened

On July 30th at about midday, Microsoft Azure suffered global availability issues, leading to problems accessing Azure-hosted services. In total, the incident lasted approximately eight hours, with the majority of the disruption being mitigated sooner than that.

While Microsoft’s DDoS protection successfully mitigates approximately 1,700 attacks per day, in this instance, due to a misconfiguration, the DDoS protection amplified the attack.

In its report into the incident, Microsoft stated that while the DDoS attack was initially successfully mitigated, the DDoS protection service did not successfully disengage at a data centre in Europe, prolonging what could have been a minor disruption into an eight-hour incident.

While this misconfiguration only occurred due to an unlikely set of specific circumstances, including a simultaneous local power outage at a site in Europe, it does highlight the difficulty in protecting complex systems, and the need for robust change management and testing procedures.

Wider implications

In recent months, change management has proved a consistent problem within major organisations.

CrowdStrike’s report into the recent global outage has pointed towards poor testing procedures as the primary cause of allowing a faulty patch to be deployed worldwide.

Similarly, in July, DigiCert, a leading TLS/SSL Certificate Authority, announced that it was revoking 83,000 SSL/TLS certificates issued to almost 7,000 customers over the past five years. This was due to a 2019 code change which meant a required underscore ahead of the certificate challenge number was no longer enforced, and therefore all certificates generated since 2019 violated domain validation rules and had to be revoked. Like CrowdStrike, DigiCert has blamed this incident on poor code review and change management practices, which it aims to improve.

As the complexity of digital systems has grown in recent years, a robust change management process that incorporates security has become essential to ensuring systems do not display unexpected behaviour that leads to outages or reduces cyber security defences.
