April 27, 2018 at
Webstresser, the DDoS-for-hire marketplace, sold the ability to take websites offline and takedown domains for as little as EUR 15.00 per month.
The site was taken down by ‘Operation Power Off’, conducted by a multi-national Europol taskforce. The operation was led by the Dutch National High Tech Crime Unit and the UK’s National Crime Agency. They were supported by various other law enforcement agencies from around the world, including the FBI.
The administrators of the site have been arrested, and infrastructure in Germany, the Netherlands and the United States has also been seized.
As well as pursuing the site providers, the task force has gone after some of the site’s top users located internationally across Europe, as well as in Australia, Canada, and Hong Kong. But this represents only a fraction of the sites 136,000 registered users, believed to be responsible for more than 4 million attacks.
The number of users reflects the way that sites like Webstresser have lowered the barrier-to-entry for cybercriminals. It used to be that to launch these kinds of DDoS attacks, a cybercriminal or hacktivist needed to be pretty tech-savvy. Services like Webstresser mean that anyone can purchase these services, renting the use of ‘stressers’ and ‘booters’, using online payment systems or cryptocurrencies.
Gregory Webb, CEO of Bromium, estimates that such attacks generate around $13 million in revenue for the hackers behind the services each year. Meanwhile, managing attacks can cost businesses between $200-$1,000 per day.
While taking down Webstresser represents a win for Europol, it is unlikely to be long before other sites occupy the vacated space. Attack services can be difficult to identify as many promote themselves as legitimate services for testing a site’s resilience to the same DDoS attacks. According to Sean Newman, Director of Product Management at Corero,
Most of them require no proof of identity of the individual launching the attack or that they are indeed associated with, or have the approval of, the organization that is the subject of the attack.
Unsurprisingly, this commodification of DDoS as a service has increased the frequency of cyber attacks. Andrew Lloyd, President of Corero Network Security, says most businesses are attacked six times a day, and attributes the fact that 73% of attacks last less than 10 minutes to the use of rented services like Webstresser’s.
Webmasters best not get too complacent. The commodification of malware not only means that it remains ridiculously cheap to rent a devastating DDoS attack from the Dark Web, but also that attacks are likely to become more sophisticated and disruptive as the market continues to grow.