A large marketplace that allowed users to rent distributed denial-of-service (DDoS) infrastructure from hackers has been shut down following a global law enforcement operation led by police agencies from the Netherlands and the UK.
Known as webstresser.org, the marketplace had 136,000 registered users and was responsible for around 4 million attacks to date, according to Europol, which provided support to the investigation. The targets of the attacks included services offered by banks, government institutions, police forces and online gaming companies.
Webstresser and similar sites have contributed to the commoditization of DDoS in recent years, putting attack capabilities that traditionally required significant knowledge and resources to obtain into the hands of low-skilled attackers—and basically anyone with a grudge. This particular marketplace had offers for renting DDoS botnets for as little as 15 euros a month.
DDoS attacks have been growing in number and size over the past few years, with the threat reaching an unprecedented scale. The method is frequently used to disrupt competitors and put pressure on various online service providers to extort money.
Police arrested Webstresser’s administrators in the UK, Croatia, Canada and Serbia and seized the website’s infrastructure located in the Netherlands, the United States and Germany. Further actions have been taken against top users of the marketplace that were identified in the Netherlands, Italy, Spain, Croatia, the UK, Australia, Canada and Hong Kong.
“We have a trend where the sophistication of certain professional hackers to provide resources is allowing individuals—and not just experienced ones—to conduct DDoS attacks and other kind of malicious activities online,” said Steven Wilson, head of Europol’s European Cybercrime Centre (EC3). “It’s a growing problem, and one we take very seriously. Criminals are very good at collaborating, victimizing millions of users in a moment form anywhere in the world. We need to collaborate as good as them with our international partners to turn the table on these criminals and shut down their malicious cyberattacks.”
Drupal Fixes Critical Flaw that Puts Websites at Risk of Hacking
The new vulnerability was discovered while investigating another critical flaw patched last month that has become known as Drupalgeddon2 in the security industry. That vulnerability is currently being exploited in the wild and there is a strong possibility this new one will also be exploited in the near future.
Drupal administrators are advised to upgrade as soon as possible to one of the newly released versions, depending on the branch they use: 7.59, 8.5.3 and 8.4.8. It’s worth noting that Drupal 8.4.8 has been provided as a courtesy since the 8.4.x branch is no longer officially supported. Users of this branch should make immediate plans to upgrade to 8.5.3 if they want to receive future security updates.
The Drupal maintainers have also provided standalone patches that can be applied manually to deployments that, for whatever reason, cannot be upgraded through the normal update process. There is a catch though: For the patch to work, the patch for Drupalgeddon2 also needs to be applied because the flaws are related.
“If your site does not have that fix, it may already be compromised,” the Drupal maintainers warn.
Even though it’s not as popular as WordPress, Drupal powers more than 1 million websites on the internet, many of them belonging to businesses, government institutions and various other organizations. Because of this, it has traditionally been a common target for hackers.