What is a DDoS attack, responsible for the latest Microsoft Azure outage?

A cyber attack was most likely responsible for the Microsoft outage on Tuesday that lasted for several hours and came barely two weeks after CrowdStrike's botched security update led to massive disruption globally. Microsoft said a distributed denial-of-service (DDoS) attack targeted its cloud division on the day the tech major released its fourth-quarter earnings . While services are back to normal now, we look at what a DDoS is and whether this episode has affected Microsoft in other ways. Microsoft initially said it had “identified a potential networking issue” before confirming later that the “initial trigger event” was caused by a DDoS attack. “Initial investigations suggest that an error in the implementation of our defences amplified the impact of the attack rather than mitigating it,” Microsoft said in an update on the website of Azure, its flagship cloud computing platform. A DDoS is a common weapon of choice in cyber attacks. In such a scenario, the perpetrator overwhelms a network server with internet traffic, which then prevents users from accessing services and websites. DDoS attacks more than doubled in 2023, soaring 112 per cent year-on-year, Seattle-based F5 Labs said in a study released on Wednesday. “The sharp rise in DDoS activity hit certain industries particularly hard in 2023,” it said. “Software and computer services remained the most targeted and experienced more than twice the number of attacks in 2023 as the previous year.” A DDoS attack can be hard to confirm. For example, after pop star Michael Jackson died in 2009, Google initially thought the unusually high number of users searching for him meant it was under attack. “The DDoS landscape is more complicated than ever, as companies not only deal with a growing volume of attacks but also a range of activity that is not necessarily malicious, but which can result in denial of service,” F5 Labs director David Warburton said. These can include reseller bots attempting to buy large amounts of inventory or web scrapers seeking product and pricing information, he added. Microsoft's strategy to counter DDoS attacks is backed by its massive global presence and by using tools “unavailable to most other organisations”, according to its website. The company engages with key industry players, including internet service providers and private corporations globally, enabling “Microsoft to absorb attacks across a large surface area”, it says. It also deploys multiple DDoS detection systems at regional data centres to deter attacks and prevent them from spreading to a global scale – which “ensures that Microsoft services can handle multiple simultaneous attacks”. In the latest incident, Microsoft's cloud services were affected, including endpoint management solution Intune, identity and access service Entra, coding tool Power Platform, the Microsoft 365 admin centre and its major cloud service, Azure. SharePoint Online, OneDrive for Business, Microsoft Teams and Exchange Online were not affected, it said. Tuesday's outage was not as widespread and damaging as the CrowdStrike debacle, and did not cause any notable disruption. However, Starbucks acknowledged that it was affected, as its customers had trouble making payments on its app. “Earlier today, some customers were briefly unable to access the mobile order and pay feature in the Starbucks app due to a third-party system outage,” a representative of the Seattle-based coffee chain said. The issue at Starbucks did not last long, with services back up and running within a few hours. As of posting time, everything seems normal with Microsoft's services, according to its service health status website. Microsoft Azure is the company's flagship cloud computing service that powers its services across the globe, and any major outage would have severe consequences. Azure is the second biggest cloud provider worldwide with a 25 per cent market share in the first quarter of 2024, according to data from Statista. That gives it a lead over other majors including Google Cloud (11 per cent) and Oracle (2 per cent). It is also closing in on market leader Amazon Web Services, which has a 31 per cent market share. The cloud became a key selling point for Microsoft, particularly when Satya Nadella took the helm as chief executive in 2014 and chose to pivot towards heavily promoting the service. Azure's notable customers include McDonald's, Adobe, BNY Mellon, Siemens, chipmaker Advanced Micro Devices, government organisations and the World Bank. That has worked well for the company, boosting investor confidence and its bottom line: Microsoft overtook Apple as the world's most valuable company and became only the second enterprise to hit the $3 trillion market capitalisation mark in January . Microsoft's shares dropped by about 1.5 per cent as news of the outage made the rounds, and later declined to 3 per cent down in extended-hours trading after the company reported its fourth-quarter results. In after-hours trading, Microsoft's share price was nearly 7 per cent down , but it is unclear if this was linked to Tuesday's outage. That is a big difference from how the CrowdStrike incident affected Microsoft's shares, which shed barely 1 per cent at the time. As of 12.44pm UAE time, the stock has recovered and is only down 0.89 per cent.

What is a DDoS attack, responsible for the latest Microsoft Azure outage?

The number of such cyber attacks rose by 112% annually last year