
Microsoft suffered another worldwide outage that impacted Outlook and Azure services after a cyberattack, marking the second global outage over the last month.
On Tuesday, July 30, thousands of reports began to flood into the website DownDetector, which collects data on issues and outages of online services, reporting that multiple Microsoft services were having issues, including the popular online video game Minecraft. The recent disruptions in services also impacted a few banks and airports, including Heathrow, the largest hub for travelers in the UK.
Several engineers were deployed to carry out a preliminary investigation, which found that a cyberattack caused the disruptions after breaking through network defense systems. The attack came from a specific type of hack called a “Distributed Denial-of-Service” (DDoS) attack.
Azure, a platform developed by Microsoft for cloud computing, posted a statement on its server status site and said the investigations indicate that its defense system malfunctioned and “amplified the impact” of the hack instead of “mitigating it.” Other services impacted included Microsoft 365 and Outlook, resulting in a wave of complaints from users on social media who said they could not do their jobs due to the outages.
Microsoft issued an apology for the disruptions in services, which went on for nearly 10 hours before the situation was resolved, impacting several thousand users globally. They promised to publish a report reviewing the incident.
DDoS hacks partially or wholly shut down a service, network, or website by flooding networks with massive amounts of information at once, overloading the system and forcing it to crash.
A Cybersmart senior cybersecurity consultant, Adam Pitton, said he wasn’t surprised that Microsoft was hit by a DDoS attack, which he said is probably “a frequent event for them,” but that he was surprised the attack “was successful.” He added that although Microsoft has “protection in place” against such hacks, the defense system was “misconfigured” and amplified the attack.
The incident comes just a few weeks after a large IT meltdown resulted in worldwide outages from a malfunctioned update to CrowdStrike, a massive cybersecurity company based in Austin, Texas. The unprecedented disruption impacted hundreds of services, including emergency services, hospitals, newsrooms, air travel, and more, resulting in billions in damages.