Error in Microsoft’s DDoS Defence Causing Increased Azure Service Disruptions

A recent error in Microsoft’s DDoS defence has led to major disruptions within Azure and Microsoft 365 services. Below is an analysis of what happened and its implications for Australian companies depending on these services.

Quick Overview

• Microsoft encountered a DDoS attack impacting Azure Front Door and Azure CDN services.
• An error in the DDoS defence setup magnified the effects of the attack.
• Services impacted included Microsoft 365, Purview, App Services, among others.
• Problems lasted from 9:45pm AEST to 5:43am AEST.
• A detailed preliminary report on the incident is expected to be published by Microsoft soon.

Insights into the DDoS Attack

A DDoS attack aims to disrupt a service by inundating it with excessive traffic. In this case, it targeted Microsoft’s content delivery frameworks, Azure Front Door, and Azure CDN. DDoS attacks can dramatically affect service availability, causing outages and interruptions.

Flaw in DDoS Defence Execution

Microsoft’s DDoS protection features activated as anticipated due to the assault. However, a flaw in the setup of these defences unintentionally increased the attack’s effects instead of lessening them. This flaw resulted in broader service outages than were initially expected.

Service Issues and Resolution

Problems commenced at 11:45 UTC (9:45pm AEST) and were rectified by 19:43 UTC (5:43am AEST). Services impacted included a portion of Microsoft 365, Purview, App Services, Application Insights, and the Azure portal itself. Microsoft addressed the issue by modifying network configurations and executing failovers to alternative networking routes.

Next Steps and Detailed Analysis

Microsoft has pledged to issue a more in-depth preliminary post-incident report later in the week. This report is expected to provide further insights into the cause of the error and outline the steps taken to avert similar incidents in the future.

Recap

An error in Microsoft’s implementation of its DDoS defences during a recent attack led to intensified service disruptions across Azure and Microsoft 365 services. Although the issues have been resolved, a comprehensive report is anticipated to clarify the incident and suggest future preventive actions.

Q&A

Q: What constitutes a DDoS attack?

A:

A DDoS (Distributed Denial-of-Service) attack refers to overwhelming a network or service with a surge of internet traffic, rendering it inaccessible to legitimate users.

Q: Which Microsoft services were impacted by the recent DDoS attack?

A:

The impacted services encompassed Azure Front Door, Azure CDN, a portion of Microsoft 365 offerings, Purview services, App Services, Application Insights, and the Azure portal.

Q: How long did the service disruptions persist?

A:

The disruptions began at 11:45 UTC (9:45pm AEST) and concluded by 19:43 UTC (5:43am AEST).

Q: What measures did Microsoft take to resolve the problem?

A:

Microsoft implemented network configuration amendments to bolster DDoS protection efforts and initiated failovers to alternative networking routes for relief.

Q: Will Microsoft share additional details about the incident?

A:

Indeed, Microsoft is expected to issue a detailed preliminary post-incident report later in the week.

Q: How can businesses safeguard themselves against DDoS attacks?

A:

Businesses can enhance protection by deploying strong DDoS protection systems, sustaining redundant network pathways, and using comprehensive monitoring tools to identify and mitigate attacks promptly.

“`html

Data Compromise at Western Sydney University: Isilon Storage Affected

Quick Overview

• Western Sydney University faced a breach lasting more than eight months.
• Intruders gained access to 83 out of the 400 Isilon storage directories.
• A total of 580TB of data was compromised, including personal and confidential information.
• The breach originated from an initial attack on the Microsoft 365 platform.
• Investigations are actively being conducted by federal and state bodies.

Western Sydney University has disclosed a substantial data compromise that persisted for over eight months, impacting 580TB of data within its Isilon storage framework. The incident led to the exposure of personally identifiable and sensitive details from 83 of the 400 directories contained in the Isilon system.

Insights into the Breach

Isilon, a network-attached storage solution originally created by a company bearing the same name and later taken over by EMC (currently a part of Dell), was the core target. The breached storage included My Documents entries, departmental shared directories, and various forms of backup and archived files.

The university indicated that students and staff utilize centralized network storage to access their personal My Documents, which includes desktop content, downloads, favorites, and internet browsing history. This allows for an individual’s My Documents to be retrievable on any computer connected to the Western network.

Chronology and Extent of the Breach

Investigative findings suggest that unauthorized entry into the Isilon storage took place from July 9, 2023, until March 16, 2024. The preliminary analysis uncovered that sensitive data such as names, contact information, birth dates, health data, workplace behavior data, and financial information had been accessed.

Fortunately, since remediation efforts began on March 16, the university has not observed any additional unauthorized access. Furthermore, there have been no threats regarding the disclosing or publishing of the compromised data, nor has any information surfaced on the dark web.

Initial Breach and Ongoing Investigations

The security vulnerabilities at Western Sydney University trace back to an initial breach of its Microsoft 365 environment in May of the previous year. While there is no evidence of intruder access beyond the Microsoft Office 365 and Isilon environments, the specifics regarding how lateral movement transpired have not been made public.

Authorities at both federal and state levels, including the Cybercrime Squad of the NSW Police Force operating under Strike Force GIRRAKOOL, are currently investigating the matter.

University’s Reaction and Alerts

Western Sydney University has pledged to inform all individuals affected by the Isilon breach. However, it has noted that it may not be feasible to identify every individual impacted.

The university stated that the attackers gained access to “83 of the 400 directories in Isilon,” along with a cache of personally identifiable and sensitive information.

Conclusion

The data compromise at Western Sydney University underscores the essential necessity for robust cybersecurity practices. The extended breach of the Isilon storage system has exposed significant volumes of personal and confidential information, highlighting the urgency for heightened vigilance and advanced security measures. The university is collaborating with authorities to investigate and alleviate the situation, ensuring that similar incidents are prevented in the future.

FAQ: Essential Questions Addressed

Q: What type of data was compromised during the breach?

A:

The breach revealed personally identifiable information, including names, contact details, birth dates, health-related information, workplace behavior data, government identification numbers, tax file IDs, superannuation information, and bank account details.

Q: How long did the intruders have access to the Isilon storage?

A:

Intruders had unauthorized access to the Isilon storage system for a duration exceeding eight months, from July 9, 2023, to March 16, 2024.

Q: What measures has the university taken since the breach was identified?

A:

Following the detection of the breach, the university implemented remediation measures on March 16, and no further unauthorized access has since been recorded. They are also making efforts to notify all affected individuals and are cooperating with authorities for a comprehensive investigation.

Q: Has any of the compromised data been leaked or threatened with release?

A:

To date, there have been no threats to disclose or publish the compromised data, nor has any of the information appeared on the dark web.

Q: What was the initial cause of the data breach?

A:

The data breach originates from an initial compromise within the university’s Microsoft 365 environment in May of the previous year.

Q: Which storage system was the target of the breach?

A:

The compromised system was Isilon, a network-attached storage solution originally developed by Isilon Systems, later acquired by EMC and now part of Dell.

Q: Are any investigations still in progress?

A:

Yes, both federal and state authorities, including the Cybercrime Squad of the NSW Police Force, are conducting an inquiry under Strike Force GIRRAKOOL.

“`

Suncorp Bolsters Risk Strategies Amid Growing AI Aspirations

Quick Read

• Suncorp updates its AI governance and risk management in response to the rise of generative AI.
• Emphasis on internal AI projects to establish foundational capabilities.
• Implementation of federal AI ethics principles for risk management.
• Partnership with IBM on AI applications and governance strategies.

Suncorp’s AI Evolution

Suncorp Group has been utilizing artificial intelligence (AI) technologies like machine learning and robotic process automation (RPA) to streamline operational procedures. This evolution has been underpinned by governance structures and risk management strategies that have effectively dealt with prior AI initiatives.

Generative AI and Growing Aspirations

Adam Spencer, Executive Manager of Enterprise and Strategic Risk, emphasized that the emergence of generative AI (GenAI) has prompted Suncorp to refine its AI governance and risk management strategies. The aim is to ensure safe and responsible AI deployment while facilitating quick technological advancements.

Emphasis on Internal Use Cases

At present, Suncorp is focusing on lower-risk, internally directed GenAI applications. Spencer is of the opinion that beginning with these use cases will allow Suncorp to gain benefits and establish a robust foundation for future, more ambitious AI ventures.

Implementing AI Ethics Principles

Suncorp is putting the federal government’s AI ethics principles into practice to steer its internal discussions and risk assessment activities. These principles encompass various ethical aspects and are being developed into actionable obligations and risk management controls to ensure trustworthy, safe, and equitable AI operations.

Key Risks and Strategies for Mitigation

Spencer pointed out that reliability, safety, and accuracy are fundamental risks that Suncorp aims to tackle in the first instance. Ensuring options for contestability and fairness in AI outcomes is also a priority, allowing customers to question AI-driven decisions if necessary.

Collaboration with IBM

Suncorp and IBM maintain a longstanding collaboration in formulating AI applications leveraging IBM’s Watson technologies. IBM has been actively involved in Suncorp’s initiatives to improve its AI governance and risk management frameworks.

Closing Summary

Suncorp is enhancing its AI governance and risk management to align with its growing AI ambitions, initially concentrating on internal, lower-risk GenAI applications. By adopting and implementing the federal AI ethics principles, Suncorp is establishing a framework for safe and ethical AI usage. The partnership with IBM continues to be a pivotal component of these efforts.

Q: Why is Suncorp revising its AI governance and risk management?

A: Suncorp is revising its AI governance and risk management to keep pace with the rise of generative AI and the company’s goal to expand its AI capabilities in a safe and responsible manner.

Q: What are the initial focus areas for Suncorp’s AI applications?

A: Suncorp is concentrating on internally directed, lower-risk generative AI cases to build foundational capabilities before advancing to more ambitious, customer-centric applications.

Q: How is Suncorp utilising the federal AI ethics principles?

A: Suncorp is employing the federal AI ethics principles as a guideline for internal discussions and risk-mapping processes, converting these principles into actionable obligations and risk management strategies.

Q: What are the key risks Suncorp aims to address with its AI initiatives?

A: The principal risks Suncorp is focused on include reliability, safety, accuracy, contestability, and fairness in AI outcomes.

Q: How is IBM involved in Suncorp’s AI governance and risk management efforts?

A: IBM has been cooperating with Suncorp on AI applications, particularly using Watson technologies, and has been involved in the revision of Suncorp’s AI governance and risk management frameworks.

Toyota and Stanford’s Revolutionary Autonomous Drift Car Partnership

Quick Overview

• Toyota Research Institute and Stanford Engineering realized the first-ever fully autonomous tandem drift.
• The demonstration occurred at Thunderhill Raceway in California.
• Both lead and following vehicles were equipped with AI-powered autonomous technology.
• The objective is to enhance AI’s capacity for vehicle safety and control.
• Researchers implemented neural networks for vehicle simulation.
• This technology could be adapted for urban driving situations.

First-ever Fully Autonomous Tandem Drift

This week, Stanford Engineering alongside the Toyota Research Institute unveiled a groundbreaking video that displays two autonomous cars drifting in parallel. This accomplishment signifies the world’s first fully autonomous tandem drift, marking a notable advancement in artificial intelligence and vehicle safety.

The Thunderhill Raceway Event

The event was held on the skid pan at Thunderhill Raceway, situated 7 miles west of Willows, California, in the Sacramento Valley. Both the leading and trailing vehicles featured cutting-edge autonomous software, enabling them to execute the drift autonomously.

[embedded content]

AI’s Role in Controlling the Drift

The initiation and management of the drift are achieved by continuously adjusting the steering and throttle inputs, all governed by AI. The lead vehicle is tasked with path planning while the following car closely trails, navigating around the lead. This intricate maneuver highlights AI’s skills in real-time vehicle management.

Technology Insights

Trey Weber from Stanford Engineering describes their use of a neural network vehicle model, opting for data-driven learning instead of manually tuning the system. Chris Gerdes, a Mechanical Engineering Professor at Stanford University, remarks on their transition from skepticism regarding AI to acknowledging its crucial role in this success.

“We believe what we’ve accomplished here can be scaled to address larger challenges like automated driving in urban environments”

Consequences for Vehicle Safety

While drifting is typically viewed as an impressive showcase of driving prowess, the foundational technology could yield significant benefits for vehicle safety. By mastering extreme control techniques, researchers aim to bolster safety features in routine driving conditions. The integration of AI and computer vision with neural networks is already enabling autonomous navigation, making this accomplishment a substantial progression.

Conclusion

Stanford Engineering and the Toyota Research Institute have effectively showcased the world’s inaugural fully autonomous tandem drift. This groundbreaking achievement not only demonstrates AI’s potential in vehicle control but also opens avenues for improved vehicle safety in typical driving situations.

Q: What was the purpose of the autonomous tandem drift?

A: The purpose was to enhance AI’s capabilities for advancing vehicle safety and control.

Q: Where was the event held?

A: The event was conducted at Thunderhill Raceway in California.

Q: Which technology facilitated the drift?

A: The vehicles utilized AI-powered autonomous software that regulated steering and throttle inputs.

Q: Who were the main researchers on the project?

A: Trey Weber from Stanford Engineering and Chris Gerdes, a Mechanical Engineering Professor at Stanford University, were key contributors.

Q: How might this technology be utilized in the future?

A: This technology could be adapted for urban driving scenarios, improving vehicle safety and autonomy.

Q: What are the safety implications?

A: Mastery of control in challenging conditions like drifting could enhance safety features in everyday driving environments.

Overview

• Euro zone banks display “potential for advancement” in cyber security.
• The ECB’s inaugural cyber risk stress test uncovers essential domains for improvement.
• Banks are encouraged to enhance business continuity and backup strategies.
• Test outcomes follow a rise in cyber-attacks with possible geopolitical influences.
• ECB emphasizes dependency on outdated IT infrastructures and third-party services.

Stress Test Uncovers Cyber Security Deficiencies

The European Central Bank (ECB) has carried out its first cyber risk stress test, highlighting crucial areas where euro zone banks must enhance their cyber security initiatives. This action was triggered by a noticeable spike in cyber-attacks, many of which may be influenced by geopolitical dynamics.

Details of the Exercise and Results

The ECB involved 109 banks in the stress test, requiring them to delineate their response and recovery strategies for a hypothetical successful cyber-attack. This encompassed outlining their emergency protocols and plans for resuming regular operations.

After evaluating the submissions, the ECB offered each bank tailored recommendations during its annual supervisory review. Notably, these suggestions did not alter the banks’ capital obligations.

Principal Recommendations

The ECB’s essential suggestions for banks were:

• Improving business continuity strategies following a security breach.
• Reinforcing backup plans.
• Examining reliance on external vendors.

ECB supervisor Anneli Tuominen noted that while banks maintain comprehensive response and recovery protocols, there remains substantial potential for advancement.

Further Scrutiny for Selected Institutions

Of the 109 banks, 28 participated in a more intensive exercise that involved an actual recovery drill and an on-site evaluation. While the ECB has not revealed the identities of these banks or the specific vulnerabilities detected, this emphasizes the increased oversight on cyber security readiness.

Increased Cyber Threats and Aging IT Frameworks

The ECB reported a rise in cyber incidents during the latter half of the previous year, attributing this in part to escalating geopolitical tensions, particularly noting Russia’s invasion of Ukraine. The report additionally cautioned that many banks continue to operate with obsolete IT systems and an increasing dependency on third-party vendors.

Global Perspective and Upcoming Actions

Analogous cyber exercises have been carried out by financial regulators in other territories, such as the UK and Denmark. The ECB is set to decide by year-end whether to implement additional tests, representing a pivotal step in fortifying the cyber resilience of the banking sector.

---

Conclusion

The ECB’s inaugural cyber risk stress test has unveiled critical deficiencies within the cyber security frameworks of euro zone banks. Despite the presence of advanced response systems, banks must enhance their business continuity, backup strategies, and monitoring of third-party providers. The escalation of cyber incidents stemming from geopolitical unrest underscores the pressing need for improved cyber resilience in the financial industry.

Questions & Answers

Q: What led the ECB to perform its first cyber risk stress test?

A: The assessment was prompted by an increase in cyber-attacks, some of which may have geopolitical motivations.

Q: What were the primary suggestions made by the ECB?

A: The ECB advised enhancing business continuity plans, bolstering backup strategies, and reviewing reliance on external providers.

Q: How many banks took part in the stress test?

A: A total of 109 banks participated, with 28 undergoing a more detailed review.

Q: What were the significant outcomes of the ECB’s stress test?

A: The assessment indicated that while banks have high-level response structures, there are notable areas for enhancement, especially regarding business continuity and backup protocols.

Q: Did the ECB identify the banks that participated in the test?

A: No, the ECB chose not to disclose the banks’ names or specific vulnerabilities to prevent providing hackers with potential advantages.

Q: How did geopolitical tensions affect cyber incidents?

A: The ECB observed a rise in cyber occurrences linked to increased geopolitical tensions, particularly noting Russia’s invasion of Ukraine.

Q: Will the ECB conduct additional tests in the future?

A: The ECB will determine by year-end whether to undertake further cyber risk stress assessments.