Source: Bleeping Computer
Summary
Microsoft has confirmed that recent outages in its Azure, Outlook, and OneDrive portals were the result of sustained Distributed Denial of Service (DDoS) attacks launched by a threat actor that calls itself ‘Anonymous Sudan’. The outages began on June 7; the attackers likely used multiple Virtual Private Servers (VPS), rented cloud infrastructure, open proxies, and DDoS tools to carry out the attack.
Anonymous Sudan taunted Microsoft on its Telegram channel, boasting about the success of the attacks and offering to end them and teach Microsoft’s cybersecurity experts how to prevent them in exchange for $1,000,000. Anonymous Sudan cited U.S. involvement in Sudanese politics as the reason for the attack.
Analysis
Although DDoS attacks are initially effective at knocking their targets offline, they usually aren’t sustainable for long periods of time, and targets typically recover once proper mitigations are put in place. However, even a short period of downtime can cause a significant loss of revenue, customer dissatisfaction, and reputational risk. DDoS attacks are a popular attack vector for threat actors with low technical skills, because legitimate network stress tools can easily be found online and repurposed for malicious purposes. Threat actors often amplify their attacks by recruiting their social media followers to participate, providing them with the required instructions and tools. Additionally, the large number of open proxies and open DNS resolvers on the internet can be leveraged for DDoS attacks, making it difficult for defenders to counter such attacks by blocking IP addresses alone.
Mitigation
Field Effect recommends that organizations running proxies and DNS resolvers ensure that they cannot be accessed externally, and thus only serve the users within the network. This ensures threat actors have less infrastructure from which to launch their DDoS attacks.
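The recommendation above is easy to state and easy to get wrong: a resolver that is reachable from the internet and still answers recursive queries for arbitrary names is exactly the infrastructure the analysis section describes. The following script is an added example (not code from Field Effect or from the Bleeping Computer article) that lets an administrator confirm the fix on their own resolver: it builds a standard DNS query with the RD (recursion desired) bit set, sends it to the resolver, and reads the RA (recursion available) flag and RCODE from the reply. Run from a host outside your network, a correctly restricted resolver should answer "refused" or "non-recursive", never "open-recursive". The resolver address is an assumption you supply on the command line; the sample responses used for the self-check are constructed inline and do not come from any real server.

```python
"""Audit whether one of your own DNS resolvers offers recursion to external clients.

Added example for the Field Effect recommendation that proxies and DNS resolvers
must not serve users outside the network. Uses only the Python standard library.
"""
import socket
import struct
import sys

# Hypothetical name to resolve; any name your resolver is not authoritative for works.
PROBE_NAME = "example.com"
PROBE_TXID = 0x1234


def build_query(name: str, txid: int = PROBE_TXID) -> bytes:
    """Build a minimal A/IN query with RD=1 (client asks for recursion)."""
    flags = 0x0100  # QR=0, opcode=0, RD=1, everything else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.strip(".").split(".")
    ) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question


def classify_response(resp: bytes, expected_txid: int = PROBE_TXID) -> str:
    """Interpret the response header flags from a defender's point of view."""
    if len(resp) < 12:
        return "malformed"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if txid != expected_txid:
        return "txid-mismatch"
    if not (flags >> 15) & 1:  # QR must be 1 in a response
        return "malformed"
    rcode = flags & 0xF
    ra = (flags >> 7) & 1
    if rcode == 5:  # REFUSED: resolver declined to serve us
        return "refused"
    if ra and rcode == 0 and ancount > 0:
        return "open-recursive"  # resolved a foreign name for an outside client
    if ra:
        return "recursion-offered"  # RA set even if this query was not answered
    return "non-recursive"


def probe(resolver_ip: str, name: str = PROBE_NAME, timeout: float = 3.0) -> str:
    """Send the probe over UDP/53 and classify the reply (or the lack of one)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (resolver_ip, 53))
        try:
            resp, _ = sock.recvfrom(512)
        except socket.timeout:
            return "no-response"
    return classify_response(resp)


def make_response(flags: int, ancount: int, txid: int = PROBE_TXID) -> bytes:
    """Constructed response header, used only to exercise classify_response offline."""
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)


# Constructed samples (not captured from any real resolver):
SAMPLE_REFUSED = make_response(0x8105, 0)        # QR=1 RD=1 RA=0 RCODE=REFUSED
SAMPLE_OPEN = make_response(0x8180, 1)           # QR=1 RD=1 RA=1 NOERROR, one answer
SAMPLE_NONRECURSIVE = make_response(0x8100, 0)   # QR=1 RD=1 RA=0 NOERROR, no answer


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print(f"usage: {sys.argv[0]} <resolver-ip>")
        sys.exit(2)
    print(probe(sys.argv[1]))
```

Any result other than "refused", "non-recursive" or "no-response" from an external vantage point means the resolver is still usable by third parties. The corresponding configuration knobs are `allow-recursion` (BIND) and `access-control` (Unbound); the same test should be repeated from inside the network to confirm that legitimate clients still get "open-recursive".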
A firewall alone will usually not stop the volume of traffic generated during a DDoS attack on the scale of those conducted by Anonymous Sudan. To mitigate properly, organizations should deploy dedicated DDoS protection solutions that are designed to counter various types and volumes of DDoS attacks.