Posted on 06/19/2023 9:41:23 AM PDT by MeganC
Microsoft on Friday attributed a string of service outages aimed at Azure, Outlook, and OneDrive earlier this month to an uncategorized cluster it tracks under the name Storm-1359.
"These attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools," the tech giant said in a post on Friday.
Storm-#### (previously DEV-####) is a temporary designation the Windows maker assigns to unknown, emerging, or developing groups whose identity or affiliation hasn't been definitively established yet.
While there is no evidence that any customer data was accessed or compromised, the company noted the attacks "temporarily impacted availability" of some services. Redmond said it further observed the threat actor launching layer 7 DDoS attacks from multiple cloud services and open proxy infrastructures.
This includes HTTP(S) flood attacks, which bombard the target services with a high volume of HTTP(S) requests; cache bypass, in which the attacker attempts to bypass the CDN layer and overload the origin servers; and a technique known as Slowloris.
"This attack is where the client opens a connection to a web server, requests a resource (e.g., an image), and then fails to acknowledge the download (or accepts it slowly)," the Microsoft Security Response Center (MSRC) said. "This forces the web server to keep the connection open and the requested resource in memory."
(Excerpt) Read more at thehackernews.com ...
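The three layer 7 patterns named in the excerpt, as an added detection sketch that is not part of the original article or thread. The record fields, thresholds and sample data are assumptions constructed for illustration, as is the choice of many cache misses with distinct query strings on one path as the cache bypass signal.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample records (not real traffic):
# (client_ip, url, cache_status, bytes_sent, duration_seconds)
SAMPLE = (
    [("198.51.100.7", "/index.html", "HIT", 5000, 0.05)] * 120    # high request volume
    + [("203.0.113.9", f"/logo.png?r={i}", "MISS", 40000, 0.2) for i in range(30)]
    + [("192.0.2.44", "/big.jpg", "HIT", 2_000_000, 600.0)] * 5   # slow downloads
    + [("192.0.2.10", "/index.html", "HIT", 5000, 0.04)] * 3      # ordinary client
)

# Thresholds are illustrative assumptions; tune them against a traffic baseline.
FLOOD_REQS = 100      # requests per client in the analysed window
BYPASS_MISSES = 20    # cache misses with distinct query strings on one path
SLOW_BPS = 10_000     # bytes/second below this counts as a slow read
SLOW_MIN_SECS = 60    # ...if the connection was also held at least this long
SLOW_CONNS = 3        # slow connections per client before flagging

def classify(records):
    """Return {client_ip: set of suspected layer 7 patterns}."""
    count = defaultdict(int)
    miss_queries = defaultdict(set)  # (ip, path) -> distinct query strings that missed
    slow = defaultdict(int)
    for ip, url, cache, sent, secs in records:
        count[ip] += 1
        parts = urlsplit(url)
        if cache == "MISS" and parts.query:
            miss_queries[(ip, parts.path)].add(parts.query)
        # Long-held connection with low throughput: the server keeps the
        # connection open and the resource in memory, as MSRC describes.
        if secs >= SLOW_MIN_SECS and sent / secs < SLOW_BPS:
            slow[ip] += 1
    findings = defaultdict(set)
    for ip, n in count.items():
        if n >= FLOOD_REQS:
            findings[ip].add("http_flood")
    for (ip, _path), queries in miss_queries.items():
        if len(queries) >= BYPASS_MISSES:
            findings[ip].add("cache_bypass")
    for ip, n in slow.items():
        if n >= SLOW_CONNS:
            findings[ip].add("slow_read")
    return dict(findings)

if __name__ == "__main__":
    for ip, kinds in sorted(classify(SAMPLE).items()):
        print(ip, sorted(kinds))
```

Per-client counting like this is weakest against the distributed sources the excerpt mentions (many VPS hosts and open proxies), so the same counters are usually also aggregated per path and per network range.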
Xi’s ‘gift’ to Bill perhaps.
One of many reasons why cloud-based anything (accounts, file storage, etc.) should be avoided whenever possible.
“The attack is ongoing.”
A lot of Moon Pies and RC Colas getting hammered out there today, I suppose.
Hard to fight that kind of attack and still maintain access for legitimate contact.
I would shut down until I was loaded for bear ...then jump back in and blaze away ....
Mr. Jackson owes ‘Tanji some cash!
The proper response is to isolate Russia, Iran, North Korea, and China from the American internet. Let them hack Europe if they want but cut off their access to America.
Need to include the corrupted Ukraine in that list.
Ain't gonna happen since the REAL National Security Threat to America are Multi-National Big-X CEOs whose business model is built on offshoring as much work and production to our military adversaries (China and Russia) as possible.
Our Democratic-Kleptocracy did this and will do absolutely anything and everything to prevent their multi-trillion dollar gravy train from stopping.
I'd add a few European countries and South African countries to that list.
Technically it's possible to cut them off; it won't last long as they get back on the Internet via other countries that don't cut them off and have access to us.
Personally, I'd like the U.S. to have attack cyber counter-measures automated against those countries that attack us.
Frankly, I'd be surprised if we don't have those already and haven't for some time. If I've thought of it, people smarter than me were way ahead of me.
What difference does it make if your web server or web application is on the cloud or on hardware in your rack space?
BOTH need Internet and TCP/IP access, and both have all your customers over the Internet somewhere.
They can hack your web server and shut you down locally or over cloud. The code for these attacks is exactly the same.
Who has more resources to fight them and fix the issue, individual companies and their few administrators or a big vendor with thousands of administrators, security specialists and other employees?
The whole Internet is a stinking cesspool of malware and hackers and it doesn’t matter where the data is stored, but rather that the data needs to have access to the Internet.
Unless, of course, we want to go back to catalog orders by mail and over the phone.
Pandora’s Box was opened some time ago, and we can’t put all the bad back in.
This appears to be a result of our interventionist foreign policy.
I never said the Internet was evil. I said certain personal information should not be stored in the cloud *whenever possible*. The price of convenience is an increase in risk.
Look, you do you. It does make no sense for a person to be on the cloud if everything they have and need is local.
I’m talking about big businesses, who have thousands if not millions of customers.
Do you do online banking? Do you participate here? Do you buy from Amazon, Walmart or Chase or American Express Credit Cards?
All of those feature web servers on the Internet, and I’m talking about servers—computers hosting web pages—with potentially thousands of individual transactions a minute.
I’ve been a computer and network professional for 50 years. I always thought talk of “The cloud” was a sham, because any computer connected to another over the Internet is part of a networked cloud. The term is superfluous. Big vendor clouds just use a ton of their server, network, and storage space to host other people’s applications and data, but they are no more or less vulnerable than single company servers connected to fiber or twisted pair out to the Internet.
And that is what this attack in the thread is actually all about.
Not end users’ home computers.