Facing service disruptions with MS applications? Microsoft reveals how to combat these DDoS attacks


In recent weeks, Microsoft has faced a series of layer 7 Distributed Denial of Service (DDoS) attacks that temporarily disrupted some of its services, including the Outlook email and OneDrive file-sharing apps as well as its cloud computing platform. The company attributed these disruptions to DDoS attacks orchestrated by an unidentified hacktivist group. The group claimed responsibility for flooding the sites with excessive and malicious traffic, causing service interruptions.

The tech giant swiftly launched an investigation into the incidents and identified the source of the attacks as a threat actor known as Storm-1359.

Microsoft’s experts have determined that Storm-1359 employs a combination of virtual private servers (VPS), rented cloud infrastructure, open proxies, and DDoS tools to carry out their disruptive activities. However, no evidence suggests that customer data has been compromised because of these attacks.

Layer 7 DDoS attacks specifically target the application layer of a network, causing severe strain on system resources and impacting performance. To mitigate the impact of such attacks, Microsoft has fortified its layer 7 protections and fine-tuned the Azure Web Application Firewall (WAF). This enhanced defense system aims to shield customers from similar DDoS assaults.

While Microsoft’s current security measures are effective in preventing most disruptions, the company remains committed to continual improvement. It is regularly evaluating and refining its capabilities based on observed performance and emerging threats.

In light of these recent attacks, Microsoft advises its customers to take proactive measures to enhance the resilience of their own environments. The company recommends the following to mitigate DDoS attacks:

  • Employ layer 7 protection services like Azure Web Application Firewall (WAF) in conjunction with Azure Front Door or Azure Application Gateway to safeguard web applications.
  • For those utilizing Azure WAF:
      • Utilize the bot protection managed rule set to defend against known malicious bots.
      • Block IP addresses and ranges identified as malicious by creating custom rules.
      • Implement measures to restrict, rate limit, or redirect traffic from outside or within specific geographic regions. This can be achieved by utilizing custom rules in the WAF.
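
As an added example (not Microsoft's code and not part of the original article), the Python below audits an exported WAF policy against the recommendations above and reports which ones are not actually enforced, for instance a rule left in log-only mode. It assumes the policy JSON follows the Azure Front Door WAF policy ARM schema (Application Gateway policies use different field names); the sample policy and the `audit` and `has_op` helpers are constructed for illustration.

```python
import json

# Constructed sample in the Azure Front Door WAF policy (ARM) shape; rule names,
# the RFC 5737 range and the threshold are illustrative.
SAMPLE_POLICY = json.loads("""
{"properties": {
  "policySettings": {"enabledState": "Enabled", "mode": "Detection"},
  "managedRules": {"managedRuleSets": [
    {"ruleSetType": "Microsoft_BotManagerRuleSet", "ruleSetVersion": "1.0"}]},
  "customRules": {"rules": [
    {"name": "BlockKnownBad", "priority": 10, "ruleType": "MatchRule",
     "action": "Block", "matchConditions": [
       {"matchVariable": "RemoteAddr", "operator": "IPMatch",
        "matchValue": ["203.0.113.0/24"]}]},
    {"name": "ThrottleApi", "priority": 20, "ruleType": "RateLimitRule",
     "action": "Log", "rateLimitDurationInMinutes": 1,
     "rateLimitThreshold": 300, "matchConditions": [
       {"matchVariable": "RequestUri", "operator": "Contains",
        "matchValue": ["/api/"]}]}]}}}
""")

def has_op(rule, operator):
    return any(c.get("operator") == operator
               for c in rule.get("matchConditions", []))

def audit(policy):
    """List the article's recommended controls that the policy does not enforce."""
    props = policy.get("properties", {})
    gaps = []
    if props.get("policySettings", {}).get("mode") != "Prevention":
        gaps.append("policy mode is not Prevention: matches are logged only")
    rule_sets = props.get("managedRules", {}).get("managedRuleSets", [])
    if not any(s.get("ruleSetType") == "Microsoft_BotManagerRuleSet"
               for s in rule_sets):
        gaps.append("bot protection managed rule set is not attached")
    # Only enabled rules whose action stops or diverts traffic count.
    live = [r for r in props.get("customRules", {}).get("rules", [])
            if r.get("enabledState", "Enabled") == "Enabled"
            and r.get("action") in ("Block", "Redirect")]
    if not any(r.get("ruleType") == "MatchRule" and has_op(r, "IPMatch")
               for r in live):
        gaps.append("no custom rule blocks IP addresses or ranges")
    if not any(r.get("ruleType") == "RateLimitRule" for r in live):
        gaps.append("no enforcing rate limit rule")
    if not any(has_op(r, "GeoMatch") for r in live):
        gaps.append("no enforcing geo-match rule")
    return gaps

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_POLICY)))
```

On the constructed sample this reports three gaps: the policy is in Detection mode, the rate limit rule only logs, and no geo-match rule exists.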

As Storm-1359’s focus appears to be disruption and publicity, Microsoft emphasizes the importance of vigilance and preparedness in the face of evolving cyber threats. By adopting these recommended practices, customers can bolster their defenses against layer 7 DDoS attacks and minimize potential disruptions to their online services.
