Police Shut Down Largest DDoS-for-Hire Marketplace

A large marketplace that allowed users to rent distributed denial-of-service (DDoS) infrastructure from hackers has been shut down following a global law enforcement operation led by police agencies from the Netherlands and the UK.

Known as webstresser.org, the marketplace had 136,000 registered users and was responsible for around 4 million attacks to date, according to Europol, which provided support to the investigation. The targets of the attacks included services offered by banks, government institutions, police forces and online gaming companies.

Webstresser and similar sites have contributed to the commoditization of DDoS in recent years, putting attack capabilities that traditionally required significant knowledge and resources to obtain into the hands of low-skilled attackers—and basically anyone with a grudge. This particular marketplace had offers for renting DDoS botnets for as little as 15 euros a month.

DDoS attacks have been growing in number and size over the past few years, with the threat reaching an unprecedented scale. The method is frequently used to disrupt competitors and put pressure on various online service providers to extort money.

Police arrested Webstresser’s administrators in the UK, Croatia, Canada and Serbia and seized the website’s infrastructure located in the Netherlands, the United States and Germany. Further actions have been taken against top users of the marketplace that were identified in the Netherlands, Italy, Spain, Croatia, the UK, Australia, Canada and Hong Kong.

“We have a trend where the sophistication of certain professional hackers to provide resources is allowing individuals—and not just experienced ones—to conduct DDoS attacks and other kind of malicious activities online,” said Steven Wilson, head of Europol’s European Cybercrime Centre (EC3). “It’s a growing problem, and one we take very seriously. Criminals are very good at collaborating, victimizing millions of users in a moment form anywhere in the world. We need to collaborate as good as them with our international partners to turn the table on these criminals and shut down their malicious cyberattacks.”

Drupal Fixes Critical Flaw that Puts Websites at Risk of Hacking

Following a pre-notification earlier this week, the Drupal content management system has now received a patch for a critical vulnerability that could be exploited by hackers to compromise websites.

The new vulnerability was discovered while investigating another critical flaw patched last month that has become known as Drupalgeddon2 in the security industry. That vulnerability is currently being exploited in the wild and there is a strong possibility this new one will also be exploited in the near future.

Drupal administrators are advised to upgrade as soon as possible to one of the newly released versions, depending on the branch they use: 7.59, 8.5.3 and 8.4.8. It’s worth noting that Drupal 8.4.8 has been provided as a courtesy since the 8.4.x branch is no longer officially supported. Users of this branch should make immediate plans to upgrade to 8.5.3 if they want to receive future security updates.

The Drupal maintainers have also provided standalone patches that can be applied manually to deployments that, for whatever reason, cannot be upgraded through the normal update process. There is a catch though: For the patch to work, the patch for Drupalgeddon2 also needs to be applied because the flaws are related.

“If your site does not have that fix, it may already be compromised,” the Drupal maintainers warn.

Even though it’s not as popular as WordPress, Drupal powers more than 1 million websites on the internet, many of them belonging to businesses, government institutions and various other organizations. Because of this, it has traditionally been a common target for hackers.

Sponsored Content
Upcoming Webinar
Not All Flaws Are Created Equal: The Difference Between a Flaw, a Vulnerability and an Exploit

Not All Flaws Are Created Equal: The Difference Between a Flaw, a Vulnerability and an Exploit

According to Gartner, the application layer contains 90% of all vulnerabilities. However, do security experts and developers know what’s happening underneath the application layer? Organizations are aware they cannot afford to let potential system flaws or weaknesses in applications be exploited, but knowing the distinctions between these weaknesses can make ... Read More
May 29, 2018

Lucian Constantin

Lucian has been covering computer security and the hacker culture for almost a decade, his work appearing in many technology publications including PCWorld, Computerworld, Network World, CIO, CSO, Forbes and The Inquirer. He has a bachelor's degree in political science, but has been passionate about computers and cybersecurity from an early age. Before he chose a career in journalism, Lucian worked as a system and network administrator. He enjoys attending security conferences and delving into interesting research papers. You can reach him at lucian@constantinsecurity.com or @lconstantin on Twitter. For encrypted email, his PGP key's fingerprint is: 7A66 4901 5CDA 844E 8C6D 04D5 2BB4 6332 FC52 6D42

lucian-constantin has 150 posts and counting.See all posts by lucian-constantin