Microsoft Confirms New Outage Was Triggered by Large-Scale Cyberattack

Major DDoS Attack Disrupts Access to Azure, Office 365 and Other Services

    Microsoft yesterday confirmed that a large-scale distributed denial of service (DDoS) attack triggered a major outage that disrupted access to several key services, including Microsoft Azure, Microsoft 365 and Office 365 for nearly 10 hours on July 30th, 2024.

    In a statement, Microsoft revealed that an “unexpected usage spike” initially caused performance issues for Azure Front Door and Azure Content Delivery Network components, leading to intermittent errors, timeouts and latency increases. Further investigation found that the root cause was a large-scale DDoS attack targeting Microsoft’s infrastructure.

    While Microsoft has extensive security mechanisms in place to detect and mitigate DDoS attacks, an error in how their defense systems were implemented caused the protections to backfire and actually amplify the impact of the attack rather than negating it. This allowed the DDoS traffic to overwhelm front-end systems and disrupt service for millions of customers.

    Affected Microsoft services included Azure App Services, Application Insights, Azure IoT Central, Azure Log Search Alerts, Azure Policy and the Azure portal. Customers also reported intermittent issues accessing Microsoft 365 applications like Outlook and Office online during the 10-hour outage window between 11:45am and 7:43pm UTC. Major organizations like UK bank NatWest were impacted.

    Sean Wright, head of application security at Featurespace, stated that the outage highlights the importance of thoroughly testing any software or systems involved in security and attack mitigation. Even for industry leaders like Microsoft, undetected errors can cause protections to fail during real-world attacks.

    Microsoft is conducting a preliminary post-incident review and plans to publish the findings within 72 hours to further explain what transpired and how they are improving processes and defenses. Customers are advised to configure Azure Service Health alerts to stay informed of any future issues.

    Coming so soon after a previous disruption caused by a CrowdStrike update, this new outage underscores the complex interdependencies of modern cloud-based platforms and applications. Even minor issues or unforeseen interactions can have wide-scale impact, which emphasizes the need for resilience, transparency and rapid incident response.
