Article Details
Scrape Timestamp (UTC): 2023-11-16 15:02:52.757
Original Article Text
How DDoS attacks are taking down even the largest tech companies

Distributed Denial of Service (DDoS) attacks certainly come to mind when considering cyberattacks that can cause widespread outages and service disruptions. These insidious attacks are on the rise, especially targeting major hyperscale cloud environments. Recently, Microsoft has seen an uptick in DDoS attacks targeting its cloud platforms. What is behind the rise of attacks, and how can organizations protect themselves?

Are DDoS attacks becoming the norm?

Recently, the German Federal Financial Supervisory Authority (BaFin) was under a DDoS attack. The attack disrupted BaFin's website, which hosts critical consumer and regulatory information, documents related to investigations, a database of registered companies, job vacancies, and a whistleblowing platform. This attack is just one of many DDoS attacks that have made headlines this year.

What are DDoS attacks and how do they work?

DDoS attacks are cyber threats aimed at disrupting online services by flooding them with excessive traffic. These attacks leverage botnets (networks of compromised computers), often spread across multiple countries, to flood target systems like web servers. DDoS attackers use network tools and open proxy infrastructures to direct vast amounts of traffic toward a target, overwhelming its resources and causing service disruptions. These attacks can vary in type, such as those targeting the DNS and other online resources.

Detailing the Microsoft DDoS attack

Microsoft experienced significant outages across its Azure, Outlook, and OneDrive web portals in early June 2023. These service disruptions were not random but resulted from carefully orchestrated Layer 7 DDoS attacks.

Targeted Attacks on Microsoft Services

The series of outages kicked off with the web portal of Outlook.com being targeted on June 7th, followed by OneDrive on June 8th, and culminating with the Microsoft Azure Portal on June 9th.
At the time, Microsoft did not publicly admit to being under a DDoS attack, though they did give hints, mentioning "applying load balancing processes" as part of their mitigation efforts. Their preliminary root cause report released later noted a sudden spike in network traffic as the cause of the Azure disruption. When Microsoft's Security Response Center post was released, the company explicitly confirmed that the outages resulted from a Layer 7 DDoS attack.

This type of attack targets the application layer, deluging services with such a high volume of requests that they can't process them all, effectively causing them to crash. Layer 7 DDoS attacks are a new breed of DDoS that allows attackers to do much more damage with fewer resources. They can deliver more "requests per second" and are more sophisticated since they are better at masquerading as legitimate traffic.

Detailing the threat of this new breed of DDoS attack, Akamai's Advisory Chief Information Security Officer, Steve Winterfeld, noted when asked about the perception of DDoS: "It was interesting that last year, DDoS was low on the concern, and this year, it's high on the concern. But then, when you go back and look at where people plan to spend money, it doesn't correlate back to the perception of the threat."

Since then, other tech giants had websites taken down by Anonymous Sudan, including OpenAI's ChatGPT and even the DDoS protection company, Cloudflare. With DDoS attacks up 200% from 2022, companies like Microsoft, Cloudflare, OpenAI, and others are having to adjust strategies to protect themselves from the threat of modern DDoS attacks. Let's look more at the attack mechanism used against Microsoft as it sheds light on the future of these types of attacks.
Attack mechanism used against Microsoft

Anonymous Sudan employed three distinct types of Layer 7 DDoS attacks on Microsoft's services: These techniques can rapidly overwhelm a web service by using up all available connections, rendering the service unable to accept new requests.

Who is Anonymous Sudan?

While Microsoft refers to the threat actors as Storm-1359, they have made a name for themselves in the cybersecurity world as Anonymous Sudan. Since their inception in January 2023, this group has posed a formidable threat, declaring they would target any nation opposing Sudan. Their usual method of operation involves initiating DDoS attacks and leaking any data they steal.

The group's ambitions became more evident in May 2023 when they began demanding ransoms from large organizations. Their initial target was Scandinavian Airlines (SAS), demanding $3,500 to cease the DDoS attack. However, their demands escalated in June when they shifted focus to Microsoft, demanding a whopping $1 million.

Interestingly, their motivation seemed two-fold. On one hand, they claimed their attacks were protests against the USA's involvement in Sudanese politics. On the other, there is speculation that Anonymous Sudan may have ties to Russia, given their recent announcement about forming a "DARKNET parliament" with other pro-Russian groups, hinting at impending attacks on European banking systems. While no such attacks on the European banking infrastructure have been confirmed, Anonymous Sudan has showcased the capability and resources to carry out their threats, suggesting financial institutions should be on high alert for future disruptions.

Where password hygiene fits into DDoS attacks

DDoS attacks, which aim to overwhelm a server or network resource with enormous traffic, are a mounting threat in the cyber landscape. While the nature of these attacks centers on traffic inundation, the mechanisms by which attackers amplify these threats often relate to the vulnerabilities of common internet-connected devices. This is where password hygiene becomes crucial.

Improving Password Hygiene with Specops Password Policy to protect against credential-based attacks

Credential-based attacks, a primary mode of cyber breaches, leverage weak or compromised passwords.

Specops Password Policy

Specops Password Policy provides a robust framework to combat these threats, offering multiple layers of protection. Click here to get a free trial of Specops Password Policy and see how it can help strengthen password security.

Sponsored and written by Specops Software.
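
An added illustration, not part of the original article: the article notes that Layer 7 floods masquerade as legitimate traffic, and this sketch shows why a per-client rate cap alone misses a botnet-driven flood while a per-path aggregate baseline catches it. The record format, thresholds, and function names are assumptions, and the sample records are constructed.

```python
from collections import Counter, defaultdict
from statistics import median

WINDOW = 10          # seconds per bucket (assumed value)
PER_CLIENT_MAX = 20  # per-client requests allowed per window (assumed value)
SURGE_FACTOR = 5     # alert when a path exceeds 5x its median clean window (assumed)

def build_sample_log():
    """Constructed sample data: (epoch_seconds, client_ip, path) records."""
    log = []
    for t in range(0, 60, 2):                 # 60 s of normal traffic, 3 clients
        for c in range(3):
            log.append((t, f"198.51.100.{c}", "/login"))
    for i in range(30):                       # one noisy client inside window 30-39
        log.append((30 + i % 10, "198.51.100.9", "/login"))
    for c in range(200):                      # flood: 200 clients x 5 requests each,
        for i in range(5):                    # every client stays under the cap
            log.append((60 + 2 * i, f"203.0.113.{c}", "/login"))
    return log

def detect(log, window=WINDOW):
    """Return alerts as (window_start, path, kind, total_requests, distinct_clients)."""
    buckets = defaultdict(Counter)            # (window_index, path) -> per-client counts
    for ts, ip, path in log:
        buckets[(ts // window, path)][ip] += 1
    history = defaultdict(list)               # path -> totals of earlier clean windows
    alerts = []
    for (idx, path), clients in sorted(buckets.items()):
        total = sum(clients.values())
        baseline = median(history[path]) if history[path] else None
        if any(n > PER_CLIENT_MAX for n in clients.values()):
            alerts.append((idx * window, path, "single-source", total, len(clients)))
        elif baseline is not None and total > SURGE_FACTOR * baseline:
            alerts.append((idx * window, path, "distributed", total, len(clients)))
        else:
            history[path].append(total)       # only clean windows feed the baseline
    return alerts

if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print(alert)
```

In the flood window no client sends more than 5 requests, so only the aggregate check fires; the distinct-client count in the alert is what separates a distributed flood from one misbehaving client.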
Daily Brief Summary
Microsoft has experienced an increase in DDoS attacks on its cloud platforms.
BaFin, the German Federal Financial Supervisory Authority, suffered a DDoS attack, disrupting critical services and information dissemination.
Layer 7 DDoS attacks are becoming more prevalent, targeting application levels to cause service disruptions.
Anonymous Sudan, also known as Storm-1359, is a rising threat group demanding ransoms and targeting nations opposed to Sudan. They may have Russian ties.
The group has escalated its attacks from demanding $3,500 from SAS to asking for $1 million from Microsoft, and has threatened European banking systems.
Password hygiene is integral to cybersecurity as poor practices can lead to vulnerabilities and escalate the severity of DDoS attacks.
Specops Software provides a Password Policy solution to enhance password security as a measure against credential-based attacks.