Microsoft thwarts one of the biggest cyberattacks in its history

Microsoft thwarts one of the biggest cyberattacks in its history involving 70,000 computers across Asia that could have wreaked havoc on its networks

  • Microsoft said it thwarted one of biggest cyberattacks in its history last month
  • Firm said it was able to fight off a massive Distributed Denial-of-Service attack
  • The hack involved 70,000 computers, most of which were spread across Asia
  • DDoS attacks work by flooding a victim’s system in an attempt to force it offline 

Microsoft has revealed that it thwarted one of the biggest cyberattacks in its history last month.

The technology giant said it was able to fight off a massive Distributed Denial-of-Service (DDoS) hack involving 70,000 computers, most of which were spread across Asia.

The attack targeted one of its customers in Europe, via the firm’s Azure cloud computing service, and was 140 per cent higher than the highest attack bandwidth volume Microsoft recorded in 2020.

DDoS attacks work by flooding a victim’s system with ‘internet traffic’ in an attempt to overload it and force it offline.

They’re usually carried out through a network of machines that have been compromised using malware or malicious software to control them remotely. 

Microsoft has revealed it thwarted one of the biggest cyberattacks in its history last month

WHAT IS A DDOS ATTACK? 

DDoS stands for Distributed Denial of Service. 

These attacks attempt to crash a website or online service by bombarding them with a torrent of superfluous requests at exactly the same time.

The surge of simple requests overload the servers, causing them to become overwhelmed and shut down.

In order to leverage the number of requests necessary to crash a popular website or online service, hackers will often resort to botnets – networks of computers brought under their control with malware.

Malware is distributed by tricking users into inadvertently downloading software, typically by tricking users into following a link in an email or agreeing to download a corrupted file.

Microsoft said this latest attack choked its system with 2.4 terabytes of data every second (Tbps) — which is significantly bigger than the 1Tbps attack in late summer last year.

It lasted for more than 10 minutes, with short-lived bursts of traffic that peaked at 2.4Tbps, 0.55Tbps, and finally 1.7Tbps.

To put the figures into context, a single terabyte is 1,000 gigabytes, which amounts to the equivalent of hundreds of 4K films.

It is very hard to flood a system with that amount of data every second, but Azure was able to stay online throughout because of its ability to absorb tens of terabits of DDoS attacks.  

‘Attacks of this size demonstrate the ability of bad actors to wreak havoc by flooding targets with gigantic traffic volumes trying to choke network capacity,’ said Microsoft’s Amir Dahan, a senior program manager for Azure Networking. 

‘The attack traffic originated from approximately 70,000 sources and from multiple countries in the Asia-Pacific region, such as Malaysia, Vietnam, Taiwan, Japan, and China, as well as from the United States.’

Microsoft did not name the Azure customer that was targeted, but said it was able to block the attack on them.  

Such hacks can also be used as cover for secondary attacks that attempt to spread malware and infiltrate company systems. 

‘Because of Azure’s global absorption scale and advanced mitigation logic, the customer did not suffer any impact or downtime,’ Dahan added.

‘If the customer had been running in their own datacenter, they would most probably have incurred extensive financial damage, alongside any intangible costs.’

Microsoft said it had also detected a 25 per cent increase in the number of DDoS attacks since the last quarter of 2020.

Despite being one of the largest ever attacks on Microsoft, this was not the biggest DDoS attack of all time.

In 2017, Google was able to block a huge 2.54Tbps that was part of a ‘six-month campaign’ utilising ‘multiple methods of attack’. 

Microsoft also fell victim to the massive ransomware virus attack which spread to the computer systems of hundreds of private companies and public organisations across the globe in May 2017.

Hospitals and doctors’ surgeries in England were forced to turn away patients and cancel appointments after the attack crippled the NHS. 

The WannaCry virus targeted Microsoft’s widely used Windows operating system.

WHAT WAS THE WANNACRY ATTACK?

In May 2017, a massive ransomware virus attack spread to the computer systems of hundreds of private companies and public organisations across the globe.

The software locked computers and asked for a digital ransom before control is safely returned.

In just a few hours, the malware had already infected victims in at least 74 countries, including Russia, Turkey, Germany, Vietnam, and the Philippines – and was estimated to be spreading at a rate of five million emails per hour.

Hospitals and doctors’ surgeries in England were forced to turn away patients and cancel appointments after the attack crippled the NHS. 

The WannaCry virus targeted Microsoft’s widely used Windows operating system.

The virus encrypts certain files on the computer and then blackmails the user for money in exchange for the access to the files.

It leaves the user with only two files: Instructions on what to do next and the Wanna Decryptor program itself.

The hackers asked for payments of around £230 ($300) in Bitcoin.

When opened the software tells users that their files have been encrypted and gives them a few days to pay up or their files will be deleted.

It can quickly spread through an entire network of computers in a business or hospital, encrypting files on every PC.

Source: Read Full Article