Microsoft says latest outage was caused by cyber attack

Microsoft has confirmed that a recent outage which impacted services was the result of a cyber attack.

The tech giant told customers yesterday it was investigating reports that users were having problems accessing services, with many reporting being unable to access email services and other key features.

Impacted services included Microsoft 365, which includes the tech giant’s Office and Outlook platforms, as well as cloud services such as Entra and Intune.

At the time, Microsoft said it had issued a fix for the problem, adding that services showed signs of improvement.

“We've implemented a networking configuration change, and some Microsoft 365 services have performed failovers to alternate networking paths to provide relief,” the tech giant said on its service status site.

“Monitoring telemetry shows improvement in service availability, and we're continuing to monitor to ensure full recovery.”

In a subsequent update, however, Microsoft revealed the outage was caused by a Distributed Denial of Service (DDoS) attack, the impact of which was exacerbated due to an “error in the implementation of our defences”.

"While the initial trigger event was a Distributed Denial-of-Service (DDoS) attack... initial investigations suggest that an error in the implementation of our defences amplified the impact of the attack rather than mitigating it,” Microsoft said.

This latest incident comes less than two weeks after a major global IT outage disrupted millions of devices globally.

A flawed update by cybersecurity firm CrowdStrike was identified as the source of the issue, which severely disrupted operations for thousands of businesses and service providers globally.

The incident saw millions of Windows devices affected, with users reporting being met with the ‘blue screen of death’. Remediation efforts have been non-stop since the incident, which in many cases required manual resets for devices.

Donny Chong, director at Nexusguard, told ITPro that the latest outage highlights the significant impact DDoS attacks can have on critical services and stands as a warning for enterprises globally.

“The Microsoft outage demonstrates the ease at which DDoS actors can wreak havoc against critical business services,” he said. 

“Anyone can carry out an attack of this magnitude from their own bedroom if they have the right equipment. While no company can guarantee the always-on availability of its cloud services, customers of these services have high expectations today, and that’s exactly what attackers are counting on.”

Stephen Robinson, senior threat intelligence analyst at WithSecure, echoed Chong’s comments, adding that while the outage was smaller in scale compared to the recent global disruption, it still showcases the fragility of critical services.

“Modern online services are built on stacked layers of dependencies, and in a significant proportion of service stacks you will find Microsoft services,” he said.

“One of the affected Microsoft services, Entra, is used to allow people to log on to services and websites, and without it, users are not able to log in,” Robinson added. “As such, while this outage only lasted for a short time and affected a subset of services, the impact was still noticeable to many people."