Microsoft admits failing to properly defend latest cyberattack
12/08/2024
Microsoft has confirmed its latest global outage was caused by a malicious cyberattack that the firm failed to properly defend.
The outage saw Outlook email services, Xbox Live, and even Minecraft go down for almost 10 hours. Microsoft admitted this latest attack was 'amplified' by an error in the company's cyber defences.
The attack came just two weeks after a faulty software update from cybersecurity firm CrowdStrike took an estimated 8.5 million Microsoft devices offline. It impacted Microsoft's 365 apps and Azure service, which are used by more than 50 per cent of Fortune 500 companies and eight of the top financial institutions across 43 US states.
An IBM security report stated that the global average cost of a data breach in 2023 was Euros 4.1 million ($4.45 m), a 15% increase over three years.
Microsoft said a preliminary investigation into the latest incident revealed their servers had been the target of a DDoS attack. DDoS, short for distributed-denial-of-service, is a cyberattack that attempts to interrupt a server or network by flooding it with fake internet traffic, preventing user access and disrupting operations.
While this attack method has been used widely by hacktivist groups around the world, these attacks generally cause limited and temporary disruption.
Microsoft said: “Initial investigations suggest that an error in the implementation of our defences amplified the impact of the attack rather than mitigating it.”
Experts say the attackers may never be identified but that they were likely encouraged to strike by Microsoft's recent service troubles.
Sylvain Cortes, vice president of strategy at cybersecurity firm Hackuity, said: “Rogue actors, cybergangs, and nation-states alike leverage these tactics, so further investigation is required to determine the origin of the threat.”
Microsoft Azure is a cloud computing service which provides data access and management services for a wide number of different clients.Azure also provides the centralised computer backbone for many of Microsoft's own services such as Outlook and Xbox Live which were all affected by the disruption.
W Denis Europe arranges comprehensive insurance for EEA based businesses, large and small, including, Data Protection Infringement Cover, Cyber, Errors & Omissions, Directors & Officers Liability and much more. For more information, or a quotation, please contact W Denis Europe:
Eastern Europe
Southern Europe
Christos.Hadjisotiris@wdenis.com
Western Europe &/or elsewhere worldwide