DDoS attacks have dropped by a whopping 60% across Europe following the April 24th takedown of the WebStresser platform, which Europol dubbed the largest DDoS-for-hire service on the market.
According to German cybersecurity firm Link11, its Security Operation Center (LSOC) had noticed the rapid decline in DDoS attacks since the April takedown and the arrest of its alleged administrators. LSOC observed a particularly acute drop in DDoS attacks on April 25th and 26th, the days immediately following the police action.
As Europol stated in a press release on April 24th, 2017, Operation Power Off was a complex investigation led by the Dutch police and the UK’s National Crime Agency with the support of Europol and a dozen other lawn enforcement agencies worldwide.
Onur Cengiz, Head of the Link11 Security Operation Center, said he believed that the slowdown would only last for a temporary period, and new DDoS services would inevitably rise to fill the hole left by WebStresser’s abrupt closure.
“Shutting down Webstresser.org was a massive strike against cybercrime”, Cengiz noted. “But even so, the number of attacks will only decrease temporarily. Experience has shown in recent years that for every DDoS attack marketplace taken out, multiple new platforms will pop up like the heads of a hydra.”
Europol said that WebStresser had been behind more than 4 million DDoS attacks over the last several years, and had over 136,000 registered users as of April 2018. Pricing for a WebStresser premium account was low, starting at €15 ($18.25) for the ability to launch DDoS attacks.
The web stresser was launched in 2015, apparently by a Serbian 19-year-old named Jovan “m1rk” Mirkovic, and was initially a small-scale operation. However, WebStresser it grew over the next few years and began to widely promote its services on social media and hacking forums. The service had top placement in Google keyword searches for “DDoS booter” or “DDoS stresser”. It took payment via PayPal and Bitcoin and even had a mobile app from which users could also launch attacks.
According to Link11’s DDoS Report for Q4 2017, Europe was hit by approximately 13,500 DDoS attacks in the last three months of 2017, totaling a combined 1,675 hours, with the most significant reaching 70.1 Gbps. The Link11 report cited a 116% rise in DDoS attacks across those three months. The cybersecurity firm also noted that the number of DDoS-for-hire services and DDoS attack tools had steadily increased over the last few years. Its researchers said 2018 would likely see even more DDoS attacks than in previous years.