A website blamed for launching more than four million cyber-attacks around the world, including attempts to crash banks in the UK, has been taken down in a major international investigation. IT security experts commented below.
Marta Janus, Security Threat Researcher at Cylance:
“On the surface, websites like WebStresser might appear to offer legit services for businesses and network administrators wanting to test their infrastructure against exceptionally high traffic and/or potential attacks. It’s only after registering an account and purchasing a subscription that the real intent of the service becomes clear. A portal which would be committed to serving benign purposes only would require the customers to prove their identity, and the fact that they indeed own or legally manage the servers they want to test.
DDoS attacks against businesses and high-profile institutions can be very damaging in terms of costs and user experience. The unsophisticated nature of these kinds of attacks makes them an easy way – even for a non-technical person – to harm a company. In response to the high demand for such malicious practices, cybercriminals came up with a more organized way of providing them.
Setting up a service that offers anyone to perform DDoS attacks certainly requires a lot of effort, but it’s not nearly as demanding in terms of technical knowledge as performing a targeted attack. There are plenty of publicly available, open source DDoS tools, and developing one should prove relatively uncomplicated for a moderately experienced programmer. The main challenge is the computing power that is needed to perform large-scale attacks. The cybercriminals might either look to purchase access to large botnets on the underground forums, or decide to invest money in building a solid infrastructure of their own.”
Sean Newman, Director at Corero Network Security:
“Stressers in general are looking to make money under the guise of offering a legitimate and useful service when, in reality, most of them require no proof of identity of the individual launching the attack or that they are indeed associated with, or have the approval of, the organization that is the subject of the attack. Legitimate penetration testing companies are available for any organization that genuinely wishes to test their security preparedness.”
“The recent takedown of webstresser is another example of the transnational nature of cyber crime. Despite one of the larger crimes associated with the website and their operators being against banks in London, the raids to shut down this operation took place on two continents and involved six countries and at least seven agencies. The amount of coordination it took to take a single grey market DDoS provider offline demonstrates the uphill battle national level law enforcement faces when attempting to disrupt even relatively unsophisticated threat actors. Without greater coordination and agreement on malicious activity, law enforcement will always be fighting with one hand held behind their back.”
Emma Wright, Commercial Technology Partner at Kemp Little:
“Attacks, malware and fraud ‘as-a-service’ are becoming increasingly prevalent and easier and expensive to procure. The co-ordination involved to stop these types of attacks is significant and is further evidence of why the UK is correct to implement the Cybersecurity Directive next month and to plan to continue to work closely with law enforcement agencies throughout Europe. Hopefully if the Cybersecurity Directive is followed by our critical national infrastructure providers then we will be less susceptible to such attacks.”
Jamie Tynan, Head of Technical Services at ThinkMarble:
The takedown of webstresser.org is good news for any business that operates online, as it removes a potential attack platform that can easily be used by a disgruntled customer or staff member to cause real financial impact for a business. Perhaps of greater benefit is the arrest of the suspected ringleaders of the gang as this will prevent them from simply starting a new website offering the same service in the never-ending “whack-a-mole” between authorities and cyber-criminals.
Unfortunately, this service is neither a new proposition from criminals, nor is it likely to end with the takedown of webstresser.org. Similar services are offered on the dark web by a multitude of cyber-criminals; however, the arrests will make criminals think twice about offering illegal services if they feel their anonymity (and hence their freedom) is at risk. Arrests of cyber-criminals have increased significantly over the last few years, which shows that the additional resources provided to cybersecurity in law enforcement are reaping real and tangible benefits.
Andrei Barysevich, Director of Advanced Collection and Dark Web Expert at Recorded Future:
“Portrayed as legitimate services, “stressors” are designed to assist security engineers in testing the resilience of corporate servers against extreme traffic loads, and often explicitly prohibit any illegal use. In reality, such policies are just a facade, designed to create the appearance of legitimacy. For instance, alongside other similar services, Webstresser has been openly operating in the darknet since 2015 and was a commonly recommended solution for turn-key DDoS attacks. The takedown by international law enforcement is a powerful statement to all cybercriminals and a step in the right direction; however, with more than 50 underground DDoS vendors, I am afraid the problem is not likely to be solved any time soon.”
Bill Conner, CEO at SonicWall:
“As the cyber-arms race continues to escalate, there is increasing pressure on the US and UK governments to truly understand the nature of malware cocktails – the process of mixing threats to concoct brand new, destructive attacks. The risks to businesses’ and even everyday citizens’ data grow each day. Governments and businesses need to deploy a layered security approach utilizing next generation firewalls, deep packet inspection for encrypted communication, cloud-based multi-engine cloud sandboxing, advanced real-time deep memory inspection, and next generation end-point security with rollback capability.” Bill Conner, President and CEO, SonicWall.
Trevor Reschke, Head of Threat Intelligence at Trusted Knight:
“DDoS attacks have always been a relatively straightforward way to harass or extort an adversary – and with sites like these offering to carry them out for such a low cost, it’s not just cybercriminals that are crippling others’ businesses. DDoS attacks can directly contribute to massive revenue losses, customer data breaches and damage to reputation; taking Webstresser out is a significant leap forward for law enforcement. This is a continuance of heightened threat to criminal elements operating in the EU. As it stands now, the safe operating box for criminals is shrinking by the year.
“Interestingly, there’s an increasingly professional approach towards various forms of cybercrime-as-a-service, meaning that newbie cyber-criminals can launch an attack for less than the cost of lunch and with little to no technical skills needed. Businesses need to make sure they’re shoring up the defences as attacks these days can come from anywhere. And I’ve no doubt that where Webstresser has left a hole, the existing competitors will quickly fill the space.”
Andrew Lloyd, President at Corero Network Security:
“As this event illustrates, it remains ridiculously cheap to rent a devastating DDoS attack from these so-called DDoS “stressers” or on the dark web. In many territories, it also remains a criminal offence.
“The latest Corero DDoS Trends Report continues to show that our average customer is attacked 6 times per day. We strongly suspect that the widespread use of rented attacks contributes to the fact that 73% of attacks last less than 10 minutes; why pay for a longer attack than you need?”