(Bloomberg) — The recent outage on Microsoft Corp.’s cloud computing platform showed the persistence of an old, blunt style of cyberattack.
It’s called a Distributed Denial of Service attack, or DDoS for short, and it works by directing large amounts of junk Internet traffic at a target, like a website or server, to disrupt it or knock it offline. It has become a favorite tool of hacktivists trying to make a statement by targeting government agencies, banks or large companies.
The attack on Microsoft began on Tuesday morning, hours before the technology giant was due to announce quarterly earnings. Customers of its Azure cloud platform faced hours of outages. Mobile ordering at Starbucks Corporation was disrupted, as were the UK government’s courts and tribunals service and some online services from Dutch football club FC Twente. Microsoft 365, which includes popular applications such as Outlook and Excel, was also affected.
To make matters worse, a flaw in Microsoft’s automated defense mechanism “exacerbated” the attack rather than mitigating it, the company said in a status update.
DDoS attacks were once considered a “solved problem,” according to Boaz Gelbord, chief security officer at Akamai Technologies Inc. “Attackers could block the pipes, and then the providers could buy bigger pipes, and then they were protected from DDoS.”
But today, they’re cheaper and easier than ever and can be bought for as little as $11, even on the dark web, according to Akamai.
“One of the phenomena we’ve seen in recent years is the resurgence of DDoS attacks,” said Gelbord. “They are a problem for smaller sites, but especially now for enterprise companies. It used to be the other way around.”
DDoS attacks, which have been around for decades, aim to flood web servers with so much traffic that they become virtually inaccessible to legitimate users. The proliferation of Internet-connected devices has helped accelerate attacks. Specialized malware is used to infect everything from smart TVs and fitness trackers to baby monitors and video cameras. The malware builds these infected devices into a network known as a “botnet,” a zombie army that can be directed to overwhelm servers with millions of simultaneous requests.
In addition to making political statements, DDoS attacks are sometimes part of broader extortion schemes in which hackers demand payment to stop them. It is still unclear who was behind the Microsoft attacks.
DDoS mitigation efforts often involve filtering malicious traffic. However, requests from bots — those zombie computers — can look almost identical to requests from real users, said Pavel Odintsov, chief technology officer at DDoS-mitigation company FastNetMon. Odintsov and five other DDoS experts told Bloomberg News that Microsoft may have exacerbated the impact of Tuesday’s attack by blocking genuine Azure users in an effort to isolate potentially illegitimate users.
A Microsoft spokesman said a “misconfiguration of a network device” caused the service disruption, but did not provide further details. The spokesperson said the company is still investigating the Azure outage, which has now been fully resolved.
“Everything is a nail when you have a hammer,” Odintsov said. “It’s very easy to make a mistake and turn off real customers.” Over the past four years, Odintsov said, the number of DDoS attacks his company has witnessed has roughly doubled each year.
Defending against DDoS attacks is becoming increasingly difficult, Gelbord said, as botnets become larger and more accessible. With the ever-increasing number of web-connected devices and gadgets, cybercriminals have more potential electronic devices to enlist as unwitting participants in their attacks. “You have a lot more readily available botnet armies,” Gelbord said. “It’s almost like an industry. You can hire them, pretty cheaply.”
On Wednesday, the FBI and the Cybersecurity and Infrastructure Security Agency, known as CISA, jointly warned of potential DDoS attacks during the upcoming 2024 US presidential election. The attacks have been used to target election infrastructure in the past, and government agencies said they were likely to be used for the same purpose again.
In Venezuela, DDoS attacks have increased tenfold since President Nicolás Maduro declared victory in a disputed election, according to NetScout Systems Inc. Political demonstrations have erupted on the streets of Caracas to protest what some call fraud.
“This is not a specific hacktivist group, but a form of digital protest against real-world events,” said Richard Hummel, a senior threat intelligence manager at NetScout. “This is cyber activity where adversaries are trying to create chaos.”
–With assistance from Charles Gurrivan.
©2024 Bloomberg LP