Police Shut Down Largest DDoS-for-Hire Marketplace

A large marketplace that allowed users to rent distributed denial-of-service (DDoS) infrastructure from hackers has been shut down following a global law enforcement operation led by police agencies from the Netherlands and the UK.

Known as webstresser.org, the marketplace had 136,000 registered users and was responsible for around 4 million attacks to date, according to Europol, which provided support to the investigation. The targets of the attacks included services offered by banks, government institutions, police forces and online gaming companies.

Webstresser and similar sites have contributed to the commoditization of DDoS in recent years, putting attack capabilities that traditionally required significant knowledge and resources to obtain into the hands of low-skilled attackers—and basically anyone with a grudge. This particular marketplace had offers for renting DDoS botnets for as little as 15 euros a month.

DDoS attacks have been growing in number and size over the past few years, with the threat reaching an unprecedented scale. The method is frequently used to disrupt competitors and put pressure on various online service providers to extort money.

Police arrested Webstresser’s administrators in the UK, Croatia, Canada and Serbia and seized the website’s infrastructure located in the Netherlands, the United States and Germany. Further actions have been taken against top users of the marketplace that were identified in the Netherlands, Italy, Spain, Croatia, the UK, Australia, Canada and Hong Kong.

“We have a trend where the sophistication of certain professional hackers to provide resources is allowing individuals—and not just experienced ones—to conduct DDoS attacks and other kind of malicious activities online,” said Steven Wilson, head of Europol’s European Cybercrime Centre (EC3). “It’s a growing problem, and one we take very seriously. Criminals are very good at collaborating, victimizing millions of users in a moment form anywhere in the world. We need to collaborate as good as them with our international partners to turn the table on these criminals and shut down their malicious cyberattacks.”

Drupal Fixes Critical Flaw that Puts Websites at Risk of Hacking

Following a pre-notification earlier this week, the Drupal content management system has now received a patch for a critical vulnerability that could be exploited by hackers to compromise websites.

The new vulnerability was discovered while investigating another critical flaw patched last month that has become known as Drupalgeddon2 in the security industry. That vulnerability is currently being exploited in the wild and there is a strong possibility this new one will also be exploited in the near future.

Drupal administrators are advised to upgrade as soon as possible to one of the newly released versions, depending on the branch they use: 7.59, 8.5.3 and 8.4.8. It’s worth noting that Drupal 8.4.8 has been provided as a courtesy since the 8.4.x branch is no longer officially supported. Users of this branch should make immediate plans to upgrade to 8.5.3 if they want to receive future security updates.

The Drupal maintainers have also provided standalone patches that can be applied manually to deployments that, for whatever reason, cannot be upgraded through the normal update process. There is a catch though: For the patch to work, the patch for Drupalgeddon2 also needs to be applied because the flaws are related.

“If your site does not have that fix, it may already be compromised,” the Drupal maintainers warn.

Even though it’s not as popular as WordPress, Drupal powers more than 1 million websites on the internet, many of them belonging to businesses, government institutions and various other organizations. Because of this, it has traditionally been a common target for hackers.

Lucian Constantin

Featured eBook
7 Must-Read eBooks for Security Professionals

7 Must-Read eBooks for Security Professionals

From AppSec to SecOps, Security Boulevard eBooks deliver in-depth insights into hot topics that matter to the Cybersecurity and DevSecOps professionals. Our staff of writers are the best in the business, with decades of practical and award-winning experience and credentials. We are excited to share our 2019 favorites. Take a look and download some of ... Read More
Security Boulevard

Lucian Constantin

Lucian has been covering computer security and the hacker culture for almost a decade, his work appearing in many technology publications including PCWorld, Computerworld, Network World, CIO, CSO, Forbes and The Inquirer. He has a bachelor's degree in political science, but has been passionate about computers and cybersecurity from an early age. Before he chose a career in journalism, Lucian worked as a system and network administrator. He enjoys attending security conferences and delving into interesting research papers. You can reach him at [email protected] or @lconstantin on Twitter. For encrypted email, his PGP key's fingerprint is: 7A66 4901 5CDA 844E 8C6D 04D5 2BB4 6332 FC52 6D42

lucian-constantin has 298 posts and counting.See all posts by lucian-constantin