April 25, 2018 marked the day attackers lost access to what has been dubbed one of the largest DDoS as a Service (DaaS) providers in existence. Responsible for millions of DDoS attacks around the globe, webstresser.org now shows a “THIS SITE HAS BEEN SEIZED” message from the U.S. DoD, Defense Criminal Investigative Service, Cyber Field Office (Figure 1). The message comes in conjunction with a press release citing the arrest of multiple individuals associated with the service.
A report from BBC News (Cyber-attack website Webstresser taken down), stated:
A website blamed for launching more than four million cyber-attacks around the world, including attempts to crash banks in the UK, has been taken down in a major international investigation.
The operation, which involved the UK's National Crime Agency, blocked Webstresser.org - which allows criminals to buy DDoS and cyber-attacks on businesses. The site was used by a British suspect to attack high street banks last year, causing hundreds of thousands of pounds of damage. Six suspected members of the gang behind the site have been arrested, with computers seized in the UK, Holland and elsewhere.
- DDoS-for-Hire providers offer seemingly legitimate services that are often used for nefarious purposes.
- The services provided by DDoS-for-Hire platforms are often inexpensive and allow any would-be attacker to launch DDoS attack at a target of their choosing.
- Attacks range from high volume floods to sophisticated multi-vector attacks targeting applications, infrastructure and bandwidth simultaneously.
- Disruptions and takedowns of DDoS-for-Hire services assist network defenders around the world by limiting the number of attacks and tools they need to defend against.
DDoS Attack Service Summary
DDoS-for-Hire services, like Webstresser, run rampant in the underground marketplace and their services are often negligible in price. Many of the services list disclaimers in an attempt to mislead the illegal nature of the service. DDoS-for-Hire services offer minuscule pricing, which allows anyone with a small amount of digital currency or other online payment processing service to launch DDoS at a target of their choosing. These attacks often translate to rage fueled, irrational responses of gamers on other gamers. In other cases, the DaaS platforms may be used in hacktivist operations to send a message or take down a web site in opposition to someone’s viewpoint. The ease of accessibility to DDoS attack services enables virtually anyone with the means and power to launch a cyber-attack with relative safety and anonymity.
Many such services use a combination of shared servers, also known as bulletproof hosting, and botnets. It should be noted that many of the services have strayed from traditional botnet infrastructure to shared hosting. Additionally, amplification attacks have become commonplace in these services and attackers are able to easily disrupt services, operations, and websites.
Conclusion: Fighting DDoS Attack Services
Takedowns that disrupt large DDoS-for-Hire services greatly assist in mitigating potential cyber-attacks. Further, the arrest of actors behind these services helps to prevent similar services from resuming, and the example set by law enforcement may discourage others from implementing similar services. Although such operations will discourage many from starting their own DDoS-for-Hire service, takedowns such as this often create a vacuum that is quickly filled by others looking fill that vacuum. Actors that offer these services will continue to exist and no doubt new offerings will emerge, but the continued effort of law enforcement helps drive a balance to the nefarious activity.