Microsoft down: Outage was caused by cyber attack, company says

Andrew Griffin
Wednesday 31 July 2024 17:20 BST
Comments
Microsoft said an outage on July 30 was caused by a cyber attack (AP Photo/Thibault Camus)
Microsoft said an outage on July 30 was caused by a cyber attack (AP Photo/Thibault Camus) (AP)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Microsoft’s latest outage was the result of an attempted hack, it has said.

On Tuesday, some of its apps were knocked offline in an intentional cyber attack, Microsoft said in an update. The company’s attempts to stop the hack actually amplified it, it noted.

That meant that some of its apps and features were offline for much of Tuesday.

It came just days after Windows PCs were hit by a huge outage that brought much of the world to a standstill, cancelling flights and delaying hospital appointments. That was the result of a bug in cybersecurity software made by third-party company CrowdStrike, and was not an intentional cyber attack.

Microsoft said initial problems on Tuesday on its Azure cloud platform had been triggered by a distributed denial-of-service (DDoS) attack, where bad actors try and knock a platform offline by flooding it with traffic until it can no longer cope.

The issue has been resolved, Microsoft said, but the company confirmed its initial investigations had found that an error in the rollout of its own defences to prevent the attack “amplified the impact of the attack rather than mitigating it”.

In an update posted to its Azure status website, Microsoft said an “unexpected usage spike” had caused performance issues on parts of its Azure platform, for which the company said the “initial trigger event” had been the DDoS attack that “activated our DDoS protection mechanisms”, but these protections had initially made things worse, before the firm made “network configuration changes” to relieve and eventually help solve the issue.

The incident on Tuesday saw thousands of users report issues accessing a range of Microsoft services, with service status website DownDetector reporting user-flagged issues with Microsoft Teams, Xbox Live and other services.

Other websites were also affected, with banking giant NatWest apologising to customers whom it said had been unable to access some of its webpages, while Oxford United Football Club posted to X to confirm the issue was preventing online members from accessing online ticketing and club shop services.

The incident came less than two weeks after a major IT outage knocked global infrastructure including transport and healthcare services offline because a flawed software update from cybersecurity firm CrowdStrike affected Microsoft devices.

Adam Pilton, senior cybersecurity consultant at Cybersmart, said: “It’s not unsurprising to see that Microsofthas been subject to a denial-of-service attack, I imagine this is a frequent event for them. What is surprising is that it was successful.

“Microsoft have confirmed they do have DDoS protection in place which is what we would expect, however the protection they did have in place was misconfigured which in fact ended up amplifying the attack.

“This has been fixed and Microsoft have said they will be publishing an incident review within 72 hours sharing greater detail on what has happened. The fact this misconfiguration happened and was in effect exploited is concerning and understanding how Microsoft allowed this to happen will be crucial in ensuring if businesses can maintain confidence in them.

“For those affected they lost access to some of their Microsoft services for up to 10 hours. This is now the second reminder in two weeks of the importance of having business continuity planning in place. Whether a specific piece of software is unavailable or your entire network becomes unusable, you must have plans in place to ensure that your business can continue to work.

“It’s also a reminder of the reliance we have on big organisations. This may have impacted people indirectly whereby their supply chain was unable to fulfil demands placed on them. This in turn could be costly to business or simply damage business relationships.

“If businesses are to take one learning point from the past two weeks, it should be to have an incident response procedure in place, supported by a business continuity plan and test them. Ensuring that procedures work and that key stakeholders are able to execute them efficiently.”

Additional reporting by agencies

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in