The US Sun

    Cyberattack triggered latest IT outage as Microsoft reveals their tech defences may have made matters worse

    By Millie Turner,

    4 hours ago

    MICROSOFT has revealed the global outage affecting Azure and Outlook services yesterday was caused by a cyberattack.

    The tech giant was hit by a second outage affecting a handful of Microsoft services, as well as videogame Minecraft, less than two weeks after a major IT meltdown caused chaos across the world.

    The most recent disruption affected airports, such as Heathrow, the UK’s largest travel hub, and some banks.

    Microsoft deployed multiple engineering teams to investigate the issue.

    A preliminary investigation shows the outage was caused by a cyberattack that tech defences failed to combat.

    In a statement on the Azure server status site, Microsoft said: “Initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it.”

    The hack was a Distributed Denial-of-Service (DDoS) attack.

    The company issued an apology for the incident, which lasted about 10 hours and impacted thousands of users.

    With crucial services affected, including Outlook, Azure and Microsoft 365, some people complained on social media that they couldn’t do their jobs.

    Microsoft said it will publish a review of the incident in three days.

    What is a DDoS attack?

    DDoS stands for Distributed Denial-of-Service.

    It is a malicious attempt to disrupt a targeted website, service or network by overwhelming it with internet traffic.

    A network is essentially flooded with so much information that it can’t bear the weight, and it crashes.

    A successful DDoS attack will make parts, or all, of a website, service or network unavailable.

    Adam Pilton, senior cybersecurity consultant at Cybersmart, said: “It’s not unsurprising to see that Microsoft has been subject to a denial-of-service attack, I imagine this is a frequent event for them. What is surprising is that it was successful.

    “Microsoft have confirmed they do have DDoS protection in place which is what we would expect, however the protection they did have in place was misconfigured which in fact ended up amplifying the attack.”

    Pilton called the incident “concerning” after services were disrupted for roughly 10 hours.

    “This is now the second reminder in two weeks of the importance of having business continuity planning in place,” he added.

    “Whether a specific piece of software is unavailable or your entire network becomes unusable, you must have plans in place to ensure that your business can continue to work.”

    Microsoft mega-outage

    It came a little over a week after Microsoft last made headlines for a worldwide mega-outage caused by a faulty CrowdStrike update.

    The outage, on 19 July, affected hundreds of services on an unprecedented scale.

    It grounded flights, disrupted emergency services, halted hospital appointments, newsrooms, television networks and businesses worldwide.

    The so-called Microsoft meltdown, which lasted about 20 hours, is reported to have cost the economy an estimated $24billion – or £18billion.

    One expert told The Sun it was the closest the world has ever come to the long-fabled “digital apocalypse”.

    Days after the outage, Microsoft said it was unable to make security changes that would have blocked the CrowdStrike update due to a 2009 agreement with the European Commission.

    The agreement meant multiple security providers could install software at the core of a computer’s operating system, known as the kernel, amid a European competition probe.

    Apple, by contrast, blocked access to the kernel on its Mac computers in 2020, which it said would improve security and reliability.

    What is CrowdStrike?

    THE 19 July global cyber outage related to an issue at cybersecurity firm CrowdStrike.

    IT security firm CrowdStrike found crashes on Microsoft’s Windows operating system relating to its Falcon sensor.

    CrowdStrike’s Falcon system, designed to prevent cyber attacks, has privileged access to the kernel which meant a faulty update last week resulted in millions of Windows computers and servers failing to load.

    The Falcon system monitors the computers it is installed on and detects hacks and bugs before responding to them.

    CrowdStrike, headquartered in Austin, Texas, says it is a global security leader which provides an advanced platform to protect data.

    A CrowdStrike update on 19 July is said to have caused a critical error in Microsoft operating systems, affecting millions worldwide.

    The company regularly updates systems with new anti-virus software.

    Toby Murray, associate professor in the School of Computing and Information Systems at The University of Melbourne, Australia, said: “If Falcon is suffering a malfunction then it could be causing a widespread outage for two reasons.

    “One: Falcon is widely deployed on many computers, and two: because of Falcon’s privileged nature.

    “Falcon is a bit like anti-virus software: it is regularly updated with information about the latest online threats.

    “It is possible that today’s outage may have been caused by a buggy update to Falcon.”

    Cyber expert Troy Hunt told Australian TV network Seven: “It looks like they’ve pushed a bad update, which is presently nuking every machine that takes it.”
