OCD TECH DDoS ATTACK

Microsoft DDoS attack

June 23, 2023 Posted by OCD Tech Cybersecurity, News

On June 16th, Microsoft attributed a string of service outages aimed at Azure, Outlook, and OneDrive earlier this month to an uncategorized cluster it tracks under the name Storm-1359.

A hacktivist group known as Anonymous Sudan, a small Russian-funded member of the pro-Russia KillNet hacktivist collective, has claimed responsibility for the attacks. However, it’s worth noting that Microsoft has not explicitly linked Storm-1359 to Anonymous Sudan.

The OCD Tech editorial team presents the post released by Microsoft regarding the incident, its technical details, and its recommendations:

“Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359.”

These attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools.

“We have seen no evidence that customer data has been accessed or compromised”

“This recent DDoS activity targeted layer 7 rather than layer 3 or 4. Microsoft hardened layer 7 protections including tuning Azure Web Application Firewall (WAF) to better protect customers from the impact of similar DDoS attacks. While these tools and techniques are highly effective at mitigating the majority of disruptions, Microsoft consistently reviews the performance of its hardening capabilities and incorporates learnings into refining and improving their effectiveness.”

“Customers should review the technical details and recommended actions section of this blog to increase the resilience of their environments to help mitigate similar attacks”.

Technical Details

Microsoft assessed that Storm-1359 has access to a collection of botnets and tools that could enable the threat actor to launch DDoS attacks from multiple cloud services and open proxy infrastructures. Storm-1359 appears to be focused on disruption and publicity.

Storm-1359 has been observed launching several types of layer 7 DDoS attack traffic:

HTTP(S) flood attack – This attack aims to exhaust the system resources with a high load of SSL/TLS handshakes and HTTP(S) requests processing. In this case, the attacker sends a high load (in the millions) of HTTP(S) requests that are well distributed across the globe from different source IPs. This causes the application backend to run out of compute resources (CPU and memory).

Cache bypass – This attack attempts to bypass the CDN layer and can result in overloading the origin servers. In this case, the attacker sends a series of queries against generated URLs that force the frontend layer to forward all the requests to the origin rather than serving them from cached content.

Slowloris – This attack is where the client opens a connection to a web server, requests a resource (e.g., an image), and then fails to acknowledge the download (or accepts it slowly). This forces the web server to keep the connection open and the requested resource in memory. 

Recommendations – Layer 7 DDoS Protection Tips

Microsoft recommends customers review the following mitigations to reduce the impact of layer 7 DDoS attacks:

  • Use layer 7 protection services such as Azure Web Application Firewall (WAF) (available with Azure Front Door, Azure Application Gateway) to protect web applications.

If using Azure WAF: 

  • Use the bot protection managed rule set, which provides protection against known bad bots.
  • IP addresses and ranges that you identify as malicious should be blocked.
  • Traffic from outside a defined geographic region, or within a defined region, should be blocked, rate limited or redirected to a static webpage.
  • Create custom WAF rules to automatically block and rate limit HTTP or HTTPS attacks that have known signatures.
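The following is an added example, not code from the original post or from Microsoft, that turns the two log-visible attack patterns described above (HTTP(S) flood and cache bypass) into detection logic over constructed access-log lines and maps the findings onto the WAF actions recommended above (block identified sources, rate-limit abused paths). All IPs, paths and the appended HIT/MISS cache field are assumptions; Slowloris is a connection-level behaviour and is not visible in request logs, so it is not covered here.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
# Constructed sample (hypothetical IPs/paths): Common Log Format with the CDN cache result
# (HIT/MISS) appended. One IP hammers /login within a second; /home gets randomized queries.
LOG_LINES = """\
203.0.113.10 - - [16/Jun/2023:10:00:00 +0000] "GET /login HTTP/1.1" 200 512 HIT
203.0.113.10 - - [16/Jun/2023:10:00:00 +0000] "GET /login HTTP/1.1" 200 512 HIT
203.0.113.10 - - [16/Jun/2023:10:00:00 +0000] "GET /login HTTP/1.1" 200 512 HIT
198.51.100.7 - - [16/Jun/2023:10:00:00 +0000] "GET /home?x=a1 HTTP/1.1" 200 9100 MISS
198.51.100.8 - - [16/Jun/2023:10:00:00 +0000] "GET /home?x=b2 HTTP/1.1" 200 9100 MISS
198.51.100.9 - - [16/Jun/2023:10:00:01 +0000] "GET /home?x=c3 HTTP/1.1" 200 9100 MISS
192.0.2.5 - - [16/Jun/2023:10:00:01 +0000] "GET /home HTTP/1.1" 200 9100 HIT
192.0.2.6 - - [16/Jun/2023:10:00:01 +0000] "GET /about HTTP/1.1" 200 3000 HIT
""".splitlines()
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]+" '
    r'(?P<status>\d{3}) \S+ (?P<cache>HIT|MISS)$')

def parse(lines):
    """Parse log lines into dicts; malformed lines are skipped rather than fatal."""
    records = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
        rec["path"], _, rec["query"] = rec["url"].partition("?")
        records.append(rec)
    return records

def http_flood_sources(records, per_second_limit):
    """HTTP(S) flood: IPs exceeding per_second_limit requests in any one-second bucket."""
    buckets = Counter((r["ip"], r["ts"]) for r in records)
    return sorted({ip for (ip, _), n in buckets.items() if n > per_second_limit})

def cache_bypass_paths(records, min_variants):
    """Cache bypass: a path requested with many distinct query strings, none served from cache."""
    queries, hits = defaultdict(set), Counter()
    for r in records:
        if r["query"]:
            queries[r["path"]].add(r["query"])
            hits[r["path"]] += r["cache"] == "HIT"
    return sorted(p for p, q in queries.items() if len(q) >= min_variants and hits[p] == 0)

def mitigation_plan(records, per_second_limit=2, min_variants=3):
    """Map findings onto the WAF actions above: block flood sources, rate-limit bypassed paths."""
    return {"block_ips": http_flood_sources(records, per_second_limit),
            "rate_limit_paths": cache_bypass_paths(records, min_variants)}
```

The thresholds are deliberately tiny to fit the sample; in production they are tuned per endpoint, and a flood that is "well distributed across the globe" as described above will spread below any per-IP threshold, which is why per-path rate limits and geo rules complement per-IP blocking.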

Source: Microsoft; Fortune.
