Cyber attack website Webstresser taken down - comment
It has just been announced that Webstresser, reportedly the world’s biggest ‘DDoS-for-hire’ site, has been taken down by authorities.
Why is this significant? Richard Hummel, from NETSCOUT Arbor’s research team, ASERT Threat Intelligence, comment this news.
DDoS as a Service (DaaS), like webstressor, run rampant in the underground marketplace and their services are often negligible in price. Many of the services list disclaimers in an attempt to mislead the illegal nature of the service. These DaaS providers offer the services at miniscule pricing, which allows anyone with a small amount of digital currency to launch DDoS at a target of their choosing. These attacks often translate to rage fueled, irrational responses of gamers on other gamers. In other cases, the DaaS platforms may be used in hacktivist operations to send a message or take down a web site in opposition to someones viewpoint. The ease of accessibility to DaaS providers enables virtually anyone with the means and power to launch a cyber attack with relative safety and anonymity.
Many such services use a combination of shared servers, also known as bulletproof hosting, and botnets. Although, many of the services have strayed from traditional botnet infrastructure to shared hosting. Additionally, amplification attacks have become commonplace in these services and attackers are able to easily disrupt services, operations, and websites.
Takedowns that disrupt large DaaS providers greatly aide in mitigating potential cyber attacks. Further, the arrest of actors behind these services helps to prevent similar services from resuming, and the example set by law enforcement may discourage others from implementing similar services.