{"id":22260,"date":"2023-06-19T06:30:07","date_gmt":"2023-06-19T14:30:07","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2023\/06\/19\/news-15990\/"},"modified":"2023-06-19T06:30:07","modified_gmt":"2023-06-19T14:30:07","slug":"news-15990","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2023\/06\/19\/news-15990\/","title":{"rendered":"Recent Teams, Office outages were caused by cyberattacks: Microsoft"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/idge\/imported\/imageapi\/2022\/10\/12\/16\/4349602_original-100933347-small.jpg\"\/><\/p>\n<p>Microsoft has confirmed that recent <a href=\"https:\/\/www.computerworld.com\/article\/3698693\/users-unable-to-access-outlook-teams-in-another-m365-outage.html\">outages<\/a> to its popular services, including Outlook, Teams, OneDrive, and cloud computing platform Azure, were caused by a <a href=\"https:\/\/www.csoonline.com\/article\/3648530\/ddos-attacks-definition-examples-and-techniques.html\">DDoS<\/a>\u00a0attack by a threat actor that the company tracks as Storm-1359.<\/p>\n<p>Also known as Anonymous Sudan, Storm-1359 was first detected in January, targeting organizations and government agencies with DDoS attacks and efforts to exfiltrate data. 
The threat actor was initially assumed to be a \u201c<a href=\"https:\/\/www.csoonline.com\/article\/3616110\/hacktivism-s-reemergence-explained-data-drops-and-defacements-for-social-justice.html\">hacktivist<\/a>\u201d group protesting a controversial outfit at the Melbourne Fashion Week but has since been linked to the Russian state, according to several media reports.<\/p>\n<p>\u201cMicrosoft assessed that Storm-1359 has access to a collection of <a href=\"https:\/\/www.csoonline.com\/article\/3240364\/what-is-a-botnet.html\">botnets<\/a> and tools that could enable the threat actor to launch DDoS attacks from multiple cloud services and open proxy infrastructures,\u201d the company said in a blog post. \u201cStorm-1359 appears to be focused on disruption and publicity.\u201d<\/p>\n<p>The recent DDoS activities by Storm-1359, Microsoft said, targeted the application layer (layer 7) of the network stack, rather than the most frequently targeted layers 3 or 4.<\/p>\n<p>Storm-1359 was observed launching several types of layer 7 DDoS attack traffic, including HTTP(S) flood, cache bypass, and Slowloris.<\/p>\n<p>An HTTP(S) flood attack floods the target\u00a0system\u00a0with a large number of distributed HTTP(S) requests and SSL\/TLS handshakes. The goal is to exhaust the application backend\u2019s CPU and memory resources, causing it to become overwhelmed and unresponsive.<\/p>\n<p>Cache bypass attacks, on the other hand, aim to bypass the <a href=\"https:\/\/www.networkworld.com\/article\/3346220\/how-to-shop-for-cdn-services.html\">content delivery network (CDN)<\/a> layer and overwhelm the origin servers. By sending specific queries with generated URLs, the attacker forces all requests to be forwarded to the origin servers instead of utilizing cached content.<\/p>\n<p>In a Slowloris attack, the client requests a resource from a web server but deliberately delays or fails to acknowledge the download. 
This forces the web server to keep the connection open and hold the requested resource in memory.<\/p>\n<p>The most effective way to reduce the impact of a layer 7 DDoS attack is to install a layer 7 <a href=\"https:\/\/www.csoonline.com\/article\/3324244\/what-is-a-waf-12-top-web-application-firewalls-compared.html\">web application firewall (WAF)<\/a> protection service, Microsoft said.<\/p>\n<p>Azure WAF, available with Azure Front Door and Azure Application Gateway, can be used to protect web applications, with a mix of adequate settings, it said.<\/p>\n<p>The recommended settings include configuring bot protection for known bad bots, identifying and blocking malicious IP addresses and HTTPS attacks with custom WAF rules, and limiting traffic from a defined geographic region.<\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3700148\/recent-teams-office-outages-were-caused-by-cyberattacks-microsoft.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/idge\/imported\/imageapi\/2022\/10\/12\/16\/4349602_original-100933347-small.jpg\"\/><\/p>\n<article>\n<section class=\"page\">\n<p>Microsoft has confirmed that recent <a href=\"https:\/\/www.computerworld.com\/article\/3698693\/users-unable-to-access-outlook-teams-in-another-m365-outage.html\">outages<\/a> to its popular services, including Outlook, Teams, OneDrive, and cloud computing platform Azure, were caused by a <a href=\"https:\/\/www.csoonline.com\/article\/3648530\/ddos-attacks-definition-examples-and-techniques.html\">DDoS<\/a>\u00a0attack by a threat actor that the company tracks as Storm-1359.<\/p>\n<p>Also known as Anonymous Sudan, Storm-1359 was first detected in January, targeting organizations and government agencies with DDoS attacks and efforts to exfiltrate data. 
The threat actor was initially assumed to be a \u201c<a href=\"https:\/\/www.csoonline.com\/article\/3616110\/hacktivism-s-reemergence-explained-data-drops-and-defacements-for-social-justice.html\">hacktivist<\/a>\u201d group protesting a controversial outfit at the Melbourne Fashion Week but has since been linked to the Russian state, according to several media reports.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3700148\/recent-teams-office-outages-were-caused-by-cyberattacks-microsoft.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10629,10514,10516],"class_list":["post-22260","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-cyberattacks","tag-ddos","tag-microsoft"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/22260","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=22260"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/22260\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=22260"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=22260"},{"taxonomy":"post_t
ag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=22260"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}