The ongoing battle between cyber criminals and cyber security forces rages on, as one of the world’s largest DDoS-for-Hire websites has been taken down by Dutch police. The website was the target of Operation Power OFF, a coordinated effort by police from the Netherlands, UK, Spain, Croatia, Canada, US, Germany, Europol and several other countries. The site in question, webstresser.org, was believed to have been responsible for attacks against several of the UK’s largest banks in November 2017, as well as carrying out attacks on government websites and police forces around the world. DDoS, or Distributed-Denial-of-Service, is an attack where many online devices (such as PCs or IoT devices) are used to overwhelm a website or online service with traffic, essentially forcing them to freeze up or shut down.
Webstresser.org, the largest known DDoS-for-Hire site, was seized by Operation Power OFF, a coordinated effort from cyber police from a dozen countries.
DDoS attacks have been on the rise in recent years, with the record for largest DDoS attack broken twice in one week earlier this year, in a trend that is expected to continue into 2018. Webstresser has been blamed for launching over four million cyber attacks, costing businesses millions of Euros. Unlike traditional cyber criminals, however, Webstresser didn’t make its money by extorting or stealing from the businesses they targeted – they simply acted as a marketplace that allowed anyone to hire DDoS attacks for as little as €12.
Ransomware and DDoS attacks aren’t the only worrying new trends in the cyber crime sphere, as a spate of cybercrime-as-a-service providers have been gaining popularity in recent years. These put sophisticated technology and advanced cyber crime expertise at the disposal of garden-variety criminals and aspiring cyber criminals with little to no technical skills. They simply pay sites like Webstresser a fee and then tell them which website or business they wish to target.
Webstresser masqueraded in the open as a legitimate business offering “stress tests” for businesses. However, in practice the site’s services were used to carry out corporate espionage and even hold businesses to ransom. Identifying the source of such an attack is a complex process and requires very specialised knowledge, allowing criminals to use the site’s services for nefarious purposes with little to no chance of being discovered by their targets.
Seven arrests have been made in connection with the site, across the Netherlands, Serbia, Croatia and Canada. According to the lead investigator in the operation for the National Crime Agency, Jo Goodall, “Cyber-crime by default is a threat that crosses borders. The arrests made over the past two days show that the internet does not provide bulletproof anonymity to offenders and we expect to identify further suspects linked to the site in the coming weeks and months. We have seen how cyber-attacks have real-world consequences resulting in actual physical harm, as well as causing reputational and financial damage to businesses of all sizes.”
Cyber criminals have been increasingly using DDoS as a means to extort cash from businesses, threatening to take down their websites if they don’t pay. As organisations around the world secure their organisations against ransomware attacks, the criminals are trying to re-purpose the ransomware model to monetise DDoS attacks.
Most businesses won’t have advanced protections in place to defend against modern, sophisticated DDoS attacks, and could be faced with costly downtime if their website or online services were hit in the such an attack. Eventually such protection will become standardised across the industry, at which point cyber criminals will move on to the next means to earn their money off the backs of legitimate, hard-working businesses – this is why cyber security must be a comprehensive, ongoing process.