The disruptions experienced in early June were DDoS attacks by a hacker group, Storm-1359, which could be linked to Russia. Microsoft has confirmed that recent outages to its popular services, including Outlook, Teams, OneDrive, and cloud computing platform Azure, were caused by a DDoS attack by a threat actor that the company tracks as Storm-1359. Also known as Anonymous Sudan, Storm-1359 was first detected in January, targeting organizations and government agencies with DDoS attacks and efforts to exfiltrate data. The threat actor was initially assumed to be a “hacktivist” group protesting a controversial outfit at the Melbourne Fashion Week but has since been linked to the Russian state, according to several media reports. “Microsoft assessed that Storm-1359 has access to a collection of botnets and tools that could enable the threat actor to launch DDoS attacks from multiple cloud services and open proxy infrastructures,” the company said in a blog post. “Storm-1359 appears to be focused on disruption and publicity.” The recent DDoS activities by Storm-1359, Microsoft said, targeted the application layer (layer 7) of the network stack, rather than the most frequently targeted layers 3 or 4. Different types of layer 7 DDoS attacks Storm-1359 was observed launching several types of layer 7 DDoS attack traffic, including HTTP(S) flood attack, Cache bypass, and Slowloris. An HTTP(S) flood attack floods the target system with a large number of distributed HTTP(S) requests and SSL/TLS handshakes. The goal is to exhaust the application backend’s CPU and memory resources, causing it to become overwhelmed and unresponsive. Cache bypass attacks, on the other hand, are aimed to bypass the content delivery network (CDN) layer and overwhelm the origin servers. By sending specific queries with generated URLs, the attacker forces all requests to be forwarded to the origin servers instead of utilizing cached content. In a Slowloris attack, the client requests a resource from a web server but deliberately delays or fails to acknowledge the download. This forces the web server to keep the connection open and hold the requested resource in memory. Microsoft’s recommendations include effective WAF settings The most effective way to reduce the impact of the layer 7 DDoS attack is to install a layer 7 web application firewall (WAF) protection service, Microsoft said. Azure WAF, available with Azure Front Door and Azure Application Gateway, can be used to protect web applications, with a mix of adequate settings, it said. The recommended settings include configuring bot protection for known bad bots, identifying, and blocking malicious IP addresses and HTTPS attacks with custom WAF rules, and limiting traffic from a defined geographic region. Related content news analysis AI chip shortages continue, but there may be an end in sight While GPUs are in high demand, they still need high-performance memory chips for AI apps. The market is tight for both — for now. By Lucas Mearian May 07, 2024 7 mins CPUs and Processors Generative AI Technology Industry feature Windows 11 Insider Previews: What’s in the latest build? Get the latest info on new preview builds of Windows 11 as they roll out to Windows Insiders. Now updated for Build 22635.3570 for the Beta Channel and Build 26120.461 for the Dev channel, both released on May 3, 2024. By Preston Gralla May 07, 2024 252 mins Small and Medium Business Microsoft Windows 11 news analysis 3+ reasons Apple might want to make its own server chips Apple reportedly has a top secret plan to make AI chips for servers to provide generative AI services. By Jonny Evans May 07, 2024 5 mins Apple CPUs and Processors Generative AI opinion GenAI is to data visibility what absolute zero is to a hot summer day Given the plethora of privacy rules already in place in Europe, how are companies with shiny, new, not-understood genAI tools supposed to comply? (Hint: they can’t.) By Evan Schuman May 06, 2024 6 mins Data Privacy GDPR Generative AI Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe