In early June, Microsoft experienced service outages in its core Office suite, including Outlook email and OneDrive file sharing, as well as its cloud computing platform. The cause was eventually determined to be distributed denial of service (DDoS) attacks carried out by Storm-1359, an unknown hacktivist organisation. Microsoft offered little information about the attacks, neither detailing the extent of the damage nor revealing any information about the perpetrators themselves. The company said the attacks had a temporary impact on service availability and were intended to cause inconvenience and attract publicity. The attackers are said to have used rented cloud infrastructure and virtual private networks to launch attacks from botnets of hacked computers around the world. Fortunately, Microsoft has confirmed that no customer data was accessed or exploited.
While DDoS attacks are often a nuisance, rendering websites inaccessible without compromising their security, they can seriously disrupt the operations of software services giants like Microsoft and interrupt global commerce. However, without solid information from Microsoft about the damage, it is difficult to determine the exact extent of the attacks. Security experts stress the need for objective estimates of consumer damage, as Microsoft’s lack of transparency suggests that the scale of the disruption could be significant.
The identity of Storm-1359 is unknown, and cybersecurity experts believe it will take time to identify the culprits, especially if they have sophisticated expertise. Russian hacking organizations, notably the Kremlin-linked Killnet, have previously used DDoS attacks to target government and allied websites. The Microsoft incident highlights the ongoing threat of DDoS attacks, which remain a serious concern for the cybersecurity community.
According to Edward Amoroso, professor at NYU and CEO of TAG Cyber, DDoS attacks are still an unresolved problem, and their potential impact is often underestimated. He believes that the best defense against such attacks is the broad distribution of services across content delivery networks. According to UK security expert Kevin Beaumont, the strategies used by the attackers in this case are not new, with some dating back to 2009.
The disruption to Microsoft 365 office suite services resulted in a large number of outage and problem reports on Downdetector. Services affected included Outlook, Microsoft Teams, SharePoint Online and OneDrive for Business. The attacks continued throughout the week, eventually affecting Microsoft’s Azure cloud computing infrastructure. OneDrive file hosting experienced a global outage during this time, while desktop clients were reportedly unaffected.
Regardless of the problems caused by such attacks, it is vital for organizations to continually improve their DDoS defenses and find effective ways to limit their impact on critical services.