
Microsoft: Azure Outage Due to DDoS Attack

Tuesday’s Microsoft outage has been traced to a DDoS attack that temporarily took down the company’s Azure cloud service.

The attack sent a flood of internet traffic that disrupted global access to Microsoft’s 365 and Azure services for about eight hours. During the outage, the company hinted that a DDoS attack might have been involved, with Microsoft's status reports noting an “unexpected usage spike.”

Redmond has since confirmed that a DDoS attack was the “initial trigger event” behind Tuesday’s outage. To stop the attack, the company’s DDoS protection mechanisms automatically kicked in. But ironically, Microsoft says: “initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it.”

The outage, which began at around 7:45 a.m. EST, prompted Microsoft to make several network configuration changes. By 10:10 a.m., the initial network changes “successfully mitigated [the] majority of the impact,” although some customers still reported trouble accessing Microsoft services. It wasn’t until 2 p.m. that Microsoft addressed the rest of the problem.

This comes as DDoS attacks have been growing in intensity. Earlier this month, France-based OVHCloud fended off a record-breaking DDoS assault that reached 840 million packets per second. Such attacks can be launched when a hacker uses an army of computers—such as PCs, servers, or IoT devices—to bombard an internet service or website with traffic, overwhelming the IT systems and forcing them offline.

It's unclear who attacked Microsoft. The company didn’t immediately respond to a request for comment but promised in its status report to publish a preliminary review of the incident in the next 72 hours.

“After our internal retrospective is completed, generally within 14 days, we will publish a Final Post Incident Review with any additional details and learnings,” the company added.

A new cyberattack is targeting iPhone users, with criminals attempting to obtain individuals' Apple IDs in a "phishing" campaign, security software company Symantec said in an alert Monday.

Cyber criminals are sending text messages to iPhone users in the U.S. that appear to be from Apple, but are in fact an attempt at stealing victims' personal credentials.

"Phishing actors continue to target Apple IDs due to their widespread use, which offers access to a vast pool of potential victims," Symantec said. "These credentials are highly valued, providing control over devices, access to personal and financial information, and potential revenue through unauthorized purchases."

Consumers are also more likely to trust communications that appear to come from a trusted brand like Apple, warned Symantec, which is owned by Broadcom, a maker of semiconductors and infrastructure software.

The malicious SMS messages appear to come from Apple and encourage recipients to click a link and sign in to their iCloud accounts. For example, a phishing text could say: "Apple important request iCloud: Visit signin[.]authen-connexion[.]info/icloud to continue using your services." Recipients are also asked to complete a CAPTCHA challenge in order to appear legitimate, before they're directed to a fake iCloud login page.

Such cyberattacks are commonly referred to as "smishing" schemes in which criminals use fake text messages from purportedly reputable organizations, rather than email, to lure people into sharing personal information, such as account passwords and credit card data.

How to protect yourself

Be cautious about opening any text messages that appear to be sent from Apple. Always check the source of the message — if it's from a random phone number, the iPhone maker is almost certainly not the sender. iPhone users should also avoid clicking on links inviting people to access their iCloud account; instead, go to login pages directly.
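The advice above (check where a link actually goes, and treat a link that invokes Apple but does not point at Apple as a red flag) can be automated. The following is an added illustration written for this post, not code from Symantec or Apple: it extracts links from an SMS (including "defanged" ones written with `[.]`, as in the sample message quoted earlier), derives the registrable domain, and flags any off-brand domain in a message that mentions Apple or iCloud, plus the "continue using your services"-style lure wording. The allowlist of Apple sign-in domains, the lure phrases and the sample messages are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Domains Apple actually uses for account sign-in. Assumption for this example;
# a production allowlist would be maintained from a vetted source.
APPLE_DOMAINS = {"apple.com", "icloud.com"}

# Matches bare or schemed URLs, including defanged dots written as "[.]".
URL_RE = re.compile(
    r"(?:https?://)?(?:[a-z0-9-]+(?:\.|\[\.\]))+[a-z]{2,}(?:/\S*)?", re.I
)
BRAND_RE = re.compile(r"\b(apple|icloud)\b", re.I)
# Constructed list of urgency/lure phrases typical of account-phishing texts.
LURE_RE = re.compile(
    r"sign[- ]?in|continue using|suspend|locked|verify your", re.I
)


def refang(text: str) -> str:
    """Turn 'example[.]com' back into 'example.com' so it parses as a URL."""
    return text.replace("[.]", ".")


def extract_hosts(message: str) -> list[str]:
    """Return the lowercase hostnames of every link found in the message."""
    hosts = []
    for match in URL_RE.finditer(message):
        url = refang(match.group(0)).rstrip(".,;:!?)")
        if not url.lower().startswith(("http://", "https://")):
            url = "http://" + url
        host = urlsplit(url).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Naive: ignores suffixes like co.uk,
    which a real deployment would handle with a public-suffix list."""
    return ".".join(host.split(".")[-2:])


def analyze_sms(message: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    brand_invoked = BRAND_RE.search(message) is not None
    for host in extract_hosts(message):
        if brand_invoked and registrable_domain(host) not in APPLE_DOMAINS:
            findings.append(
                f"link to {host} in a message that invokes Apple/iCloud"
            )
    if brand_invoked and LURE_RE.search(message):
        findings.append("sign-in/urgency lure wording")
    return findings


# Constructed samples. The first reproduces the defanged text quoted in the article.
SAMPLE_SMISH = (
    "Apple important request iCloud: Visit "
    "signin[.]authen-connexion[.]info/icloud to continue using your services."
)
SAMPLE_LEGIT = "Your Apple ID code is 123456. Don't share it with anyone."
SAMPLE_UNRELATED = "Your parcel is out for delivery. Track at https://tracking.example.com/abc"

if __name__ == "__main__":
    for sms in (SAMPLE_SMISH, SAMPLE_LEGIT, SAMPLE_UNRELATED):
        print(repr(sms[:40]), "->", analyze_sms(sms) or "no findings")
```

The check is deliberately narrow: it only scores messages that invoke Apple, so a delivery notice with an unrelated link is left alone. Pair it with the simpler rule Apple itself gives below: a genuine Apple support contact never sends a link asking you to sign in.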

"If you're suspicious about an unexpected message, call, or request for personal information, such as your email address, phone number, password, security code, or money, it's safer to presume that it's a scam — contact that company directly if you need to," Apple said in a post on avoiding scams.

Apple urges users to always enable multi-factor authentication for Apple ID for extra security and to make it harder to access your account from another device. It is "designed to make sure that you're the only person who can access your account," Apple said.

Apple adds that its own support representatives will never send its users a link to a website and ask them to sign in, or to provide your password, device passcode, or two-factor authentication code.

"If someone claiming to be from Apple asks you for any of the above, they are a scammer engaging in a social engineering attack. Hang up the call or otherwise terminate contact with them," the company said.

Other tips for avoiding smishing scams, according to government watchdogs:

  • Set up your computer and mobile phone so that security software is updated automatically

  • Never click links, reply to texts or call unknown phone numbers

  • Never respond to unrecognized texts even if you're asked to "text STOP" to end the messages

  • Delete suspicious texts

  • If you get a text purportedly from a company or government agency, check your bill or go online to verify the contact information

The key to staying safe: "Stop before you engage and avoid the urge to respond," according to the Federal Communications Commission.

Cyber-attack on hospitals impacts 1,130 operations

Affected Entities:

More than 1,130 planned operations and 2,190 outpatient appointments have been postponed after a cyber-attack hit London hospitals, it has been revealed.

Nature of Breach:

The disruption was caused when hackers targeted pathology services provider Synnovis.

NHS England said two NHS trusts – King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust – were affected the most.

Medical director for NHS London, Dr Chris Streather said the cyber-attack was "continuing to have a significant impact" on NHS services in south-east London.

Data released by NHS London on Thursday was the second update on the clinical impact of the ransomware cyber-attack on 3 June.

Between 10 June and 16 June, more than 1,294 outpatient appointments and 320 planned operations were postponed across King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust.

So far 1,134 planned operations and 2,194 outpatient appointments have been postponed at the two trusts since 3 June.

Additionally, 46 organs were diverted for use by other trusts in the second week after the attack, compared to 18 in the first week.

NHS London declared a regional incident in response to the cyber-attack and has been working to manage disruption.

BBC London health correspondent Karl Mercer said insiders predicted that it could be months before everything would be back to normal after the cyber-attack, also telling him there was "no sense we are in the recovery stage".

Affected Patients

Dr Streather said: "Although we are seeing some services operating at near normal levels and have seen a reduction in the number of elective procedures being postponed, the cyber-attack on Synnovis is continuing to have a significant impact on NHS services in southeast London.

"Having treatment postponed is distressing for patients and their families, and I would like to apologize to any patient who has been impacted by the incident.

"Staff are continuing to work hard to re-arrange appointments and treatments as quickly as possible."

Dr Streather added that "mutual aid agreements" between NHS labs have started to have a positive impact by increasing the number of blood tests available for critical and urgent cases.

Primary care appointments are going ahead as normal, and patients can call 999 in an emergency, Dr Streather added.

Panda Express hit with Cyberattack

Affected Entities:

Panda Group, Inc. and its affiliates: Panda Inn, Panda Express, Hibachi-San

Notice Filed with Attorney General of Maine:

Unauthorized access to company's computer system

Nature of Breach:

Unauthorized party accessed consumers’ sensitive information

Actions Taken:

Initiated investigation

Sent out data breach notification letters to affected individuals

Response to Notification:

Importance of understanding risks and taking necessary precautions

Suggested consulting a data breach lawyer for protection and legal options

Cause of Breach:

Suspicious activity detected on March 10, 2024

Unauthorized access to IT network between March 7, 2024, and March 11, 2024

Investigation Process:

Secured network

Engaged third-party data security experts

Reported incident to law enforcement

Data Compromised:

Files containing confidential consumer information

Review Process:

Determined leaked information and impacted consumers by April 15, 2024

Notification Sent:

Data breach letters sent on April 30, 2024, with personalized information on compromised data

Russia Cyber Attack: What You Need to Know

Overview: Recently, Russia carried out a cyber attack that has caused concern worldwide. Here's what you need to know:

What Happened: Russian hackers secretly accessed computers in various parts of the world.

How They Did It: They tricked people with fake emails and exploited weaknesses in computer systems, using harmful software to steal information.

What It Means: Important secrets were stolen, leading to a loss of trust in computers and potential chaos.

What Can We Do: Be cautious with emails, improve computer security, and collaborate to prevent future attacks.

Conclusion: The Russian cyber attack highlights the need for increased caution and teamwork to protect ourselves online.


Password Security: How to protect your privacy

Securing a password is crucial for protecting your online accounts and the security of a company. Follow these instructions to enhance password security:

Complexity is Key: Create a password with a mix of uppercase and lowercase letters, numbers, and symbols. Avoid easily guessable information, such as names, birthdays, or common words.

Unique Passwords: Use a unique password for each of your accounts to prevent a security cascade if one is compromised.

Regular Updates: Change your passwords periodically, ideally every three to six months.

Password Manager: Consider using a reputable password manager to generate and store complex passwords securely.

Two-Factor Authentication (2FA): Enable 2FA whenever possible for an additional layer of security.

Beware of Phishing: Stay vigilant against phishing attempts; only enter passwords on secure and verified websites.

Limit Sharing: Never share your passwords with anyone and be cautious about saving them on shared devices.
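The first two rules (complexity and uniqueness) are the ones a system can enforce mechanically. The snippet below is an added example written for this post, not a published tool: it scores a candidate password against the character-class mix described above, a short common-password list, and the user's own personal terms (names, birth years), and it scans a set of saved credentials for passwords reused across accounts. The 12-character minimum, the common-password list and the sample vault are assumptions constructed for the example; the article itself sets no length.

```python
import re
from collections import defaultdict

# Constructed stand-in for a breached/common-password list. A real deployment
# would check against a far larger corpus.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1", "iloveyou"}

# Assumed minimum length for this example; the article does not specify one.
MIN_LENGTH = 12

# The four classes the article asks for: upper, lower, numbers, symbols.
CHARACTER_CLASSES = {
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "digit": r"\d",
    "symbol": r"[^A-Za-z0-9\s]",
}


def password_issues(password: str, personal_terms=()) -> list[str]:
    """Return a list of policy violations; an empty list means the password passes."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in CHARACTER_CLASSES.items():
        if not re.search(pattern, password):
            issues.append(f"missing {name}")
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        issues.append("appears in the common-password list")
    # Names, birthdays and similar guessable facts the user supplies about themselves.
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            issues.append(f"contains personal term '{term}'")
    if re.search(r"(.)\1{2,}", password):
        issues.append("contains a run of three or more repeated characters")
    return issues


def reused_passwords(vault: dict) -> list[list[str]]:
    """Group account names that share the same password; only groups of two
    or more are returned, since those are the accounts a single leak would expose."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    return [sorted(accounts) for accounts in by_password.values() if len(accounts) > 1]


# Constructed sample vault: one password shared between two accounts.
SAMPLE_VAULT = {
    "email": "Summer2024!",
    "bank": "Summer2024!",
    "shopping": "x9#Lq2!vTb7&mZ",
}

if __name__ == "__main__":
    for account, pw in SAMPLE_VAULT.items():
        print(account, password_issues(pw) or "ok")
    print("reused across:", reused_passwords(SAMPLE_VAULT))
```

The reuse check works on the plaintext a password manager already holds in memory; it is not something to run against a server's password database, which should only ever store salted hashes.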
