Microsoft blames Outlook and cloud outages on cyberattack

2024-12-24 21:47:34 source: category:Finance

Tens of thousands of Microsoft users reported serious service disruptions affecting the company's flagship office suite products in early June, leaving them unable to access essential remote-work tools like Outlook email and One-Drive file-sharing apps. 

The cause of the sporadic service disruptions, which Reuters reported lasted more than two hours, were initially unclear, according to the company's tweets at the time. But now, the software company has identified a cause of the outages: a distributed denial-of-service (DDoS) attack executed by "Anonymous Sudan," a cybercriminal group with alleged Russian ties. 

Microsoft attributed the service outages during the week of June 5 to the cybercriminal group in a statement on its website Friday. Slim on details, the post said the attacks "temporarily impacted availability" of some services. The company also said the attackers were focused on "disruption and publicity" and likely used rented cloud infrastructure and virtual private networks to bombard Microsoft servers from so-called botnets of zombie computers around the globe.

The Microsoft post linked the attackers to a group known as "Storm-1359," using a term it assigns to groups whose affiliation it has not yet established. However, a Microsoft representative told the Associated Press that the group dubbed Anonymous Sudan was behind the attacks.  

Microsoft said there was no evidence any customer data was accessed or compromised. The company did not immediately respond to CBS MoneyWatch's request for comment. 

Not sophisticated

While DDoS attacks are mainly a nuisance, making websites unreachable without penetrating them, security experts say they can disrupt the work of millions of people if they successfully interrupt popular tech services.

"DDoS is significant in terms of consumer usage, [meaning] you can't get into a website, but it's not a sophisticated attack," Gil Messing, chief of staff at software and security firm Check Point, told CBS MoneyWatch. 

Since the attack, Microsoft has taken several steps to guard against future DDoS attacks, including "tuning" its Azure Web Application Firewall, which serves as a line of defense against potential attacks, the company said in its statement. 

Microsoft will need such precautions to ward off future attackers, who may be emboldened by the success of Anonymous Sudan's attack, Steven Adair, president of cybersecurity firm Volexity, told CBS MoneyWatch. 

"It looks like [Anonymous Sudan's] DDoS efforts were met with a small level of success and that has gained quite a bit of attention," Adair said. "It could spawn copycat attempts, but we are hoping this is not the case."

The Associated Press contributed reporting. 

    In:
  • Cybercrime
  • Microsoft
  • Cyberattack

More:Finance

Recommend

Britney Spears reunites with son Jayden, 18, after kids moved in with dad Kevin Federline

Britney Spears has reunited with her youngest son Jayden Federline after their public rift in 2022.S

A Georgia state senator indicted with Trump won’t be suspended from office while the case is ongoing

ATLANTA (AP) — A Georgia state senator won’t be suspended from office after he was one of 18 others

Millions under storm watches and warnings as Hurricane Lee bears down on New England and Canada

BAR HARBOR, Maine (AP) — Millions of people were under storm watches and warnings Saturday as Hurric