Microsoft recently reported and responded to a spate of Layer 7 Distributed Denial of Service (DDoS) attacks. These DDoS attacks affected several of Microsoft’s services, leading the company to reveal recommendations for businesses around the world.
In early June 2023, Microsoft began investigating an influx of traffic affecting service availability. The company traced the ongoing DDoS activity back to a threat actor dubbed Storm-1359. The attackers appear to be using multiple virtual private servers (VPS), leased cloud infrastructure, open proxies, and DDoS tools to carry out these attacks.
Microsoft reveals recommendations to counter Layer 7 Storm-1359 DDoS attacks
See also: FTC fines Microsoft $20 million for child privacy violation
The Storm-1359 attacks caused interruptions and temporary outages of numerous Microsoft services. These include Azure, Outlook, OneDrive, Teams and other Microsoft 365 software suites. While this caused inconvenience, Microsoft assured customers that there was no evidence of customer data leaks.
Given the increasing complexity of these attacks, Microsoft has made recommendations to improve DDoS protection at layer 7:
- Use Layer 7 security services: Services such as Azure’s Web Application Firewall (WAF), available with Azure Front Door and Azure Application Gateway, can be used to protect web applications.
- Take advantage of bone protection: For Azure WAF users, Microsoft recommends using the managed bot protection rule set. This provides protection against known malicious bots.
- Block suspicious IP addresses: Microsoft suggests that IP addresses and ranges identified as malicious should be blocked.
- Geofencing: Users must block or redirect traffic from outside a certain geographic region, or even within a certain region, to a static web page.
- Create custom WAF rules: Microsoft recommends creating custom WAF rules to automatically block and mitigate HTTP or HTTPS attacks with known signatures.
Also see: Microsoft says goodbye to Xbox One games!!!
