Mispadu Banking Trojan – Active IOCs
August 6, 2024
Severity
High
Analysis Summary
An Azure outage that affected users in North and South America for more than two hours has been resolved by Microsoft. According to the firm, services that use Azure Front Door (AFD), a cutting-edge cloud Content Delivery Network (CDN), were affected by the issue, which began at roughly 18:22 UTC.
The problem affected several regions, primarily in North America and Latin America. Microsoft stated that a configuration update was the cause of the outage; the update has been rolled back, and as of 19:25 UTC most services are starting to recover. In response to the problem, several Microsoft services have failed over away from AFD.
The Azure DevOps status page also notes that users in Brazil are affected. Nevertheless, users have also reported trouble connecting to Azure services, including Azure DevOps, from the United Kingdom. In addition, many users were unable to reach the Azure status page during the outage, and the page remained silent about the impacted services for at least an hour. Although no Azure issues were reported on the Service Health Status page throughout the outage, Downdetector received thousands of user reports citing server connection and login issues.
The incident comes after a significant Azure outage that affected numerous Microsoft 365 and Azure services last week, resulting in poor performance and access problems for users across the globe. The Microsoft 365 admin center, Intune, Entra, Power BI, and Power Platform services were among those impacted by the outage, which the company later confirmed. It attributed the outage to an unanticipated spike in usage, which caused the Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components to perform below acceptable thresholds, resulting in intermittent errors, timeouts, and latency spikes.
Microsoft has since disclosed that a volumetric TCP SYN flood distributed denial-of-service (DDoS) attack targeting numerous Azure Front Door and CDN sites was the cause of last week's nine-hour Azure outage. Although the DDoS attack was the initial event that triggered Microsoft's DDoS protection systems, preliminary investigation indicates that an error in the implementation of those defenses amplified the attack's impact rather than mitigating it.
Another severe disruption affecting Microsoft 365 subscribers earlier this month was attributed at the time to an Azure configuration change. Earlier global outages, in January 2023 due to a Wide Area Network IP change and in July 2022 due to an improper Enterprise Configuration Service (ECS) deployment, also impacted Microsoft 365 services. In June 2023 the company announced that a threat actor tracked as Anonymous Sudan (also known as Storm-1359), believed to have ties to Russia, had taken down its web interfaces for OneDrive, Outlook, and Azure through Layer 7 DDoS attacks.
Impact
- Operational Disruption
Remediation
- Make sure that Azure Service Health alerts are configured and maintained so that notifications about current and upcoming Azure service issues are received independently of the public status page.
- Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
- Develop a comprehensive incident response plan to respond effectively.
- Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
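To put the first remediation item into practice, the following Bicep template is an added example (not part of this advisory, and not Microsoft-supplied code): it deploys an action group and a subscription-scoped Service Health alert that fires on incidents affecting Azure Front Door and Azure CDN, so teams are notified even when the status page itself is unreachable, as happened during this outage. The resource names, the recipient address and the service-name strings are assumptions; check the service names against the Service Health alert picker in the Azure portal before deploying.

```bicep
// Added example (not from the advisory): action group plus a subscription-scoped
// Service Health alert for Azure Front Door / Azure CDN incidents.
// Deploy into a resource group: az deployment group create -g <rg> -f main.bicep
// Names, e-mail address and service names are assumptions; verify them before use.
param alertEmail string = 'oncall@example.com'   // placeholder recipient
param impactedServices array = [
  'Azure Front Door'   // assumed Service Health names; confirm in the portal
  'Azure CDN'
]

// Notification target. groupShortName must be 12 characters or fewer.
resource onCall 'Microsoft.Insights/actionGroups@2022-06-01' = {
  name: 'ag-service-health'
  location: 'Global'
  properties: {
    groupShortName: 'svchealth'
    enabled: true
    emailReceivers: [
      { name: 'oncall-email', emailAddress: alertEmail, useCommonAlertSchema: true }
    ]
  }
}

// Activity-log alert on Service Health events. Scoped to the whole subscription
// so any incident touching the listed services is pushed to the action group,
// independent of whether the public status page is updated or reachable.
resource frontDoorHealth 'Microsoft.Insights/activityLogAlerts@2020-10-01' = {
  name: 'alert-service-health-afd-cdn'
  location: 'Global'
  properties: {
    enabled: true
    scopes: [ subscription().id ]
    condition: {
      allOf: [
        { field: 'category', equals: 'ServiceHealth' }
        // 'Incident' excludes planned maintenance and informational notices
        { field: 'properties.incidentType', equals: 'Incident' }
        { field: 'properties.impactedServices[*].ServiceName', containsAny: impactedServices }
      ]
    }
    actions: {
      actionGroups: [
        { actionGroupId: onCall.id }
      ]
    }
  }
}
```

Service Health incidents for globally distributed services such as Front Door are often not tied to a single region, so this example deliberately omits a region filter.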