A global law enforcement operation disabled and took offline 27 stresser services used to launch distributed denial-of-service (DDoS) attacks, as part of a multi-year international exercise called PowerOFF.
The effort, coordinated by Europol and involving 15 countries, took down several booter and stresser websites, including zdstresser.net, orbitalstress.net and starkstresser.net. These services typically use botnet malware installed on compromised devices to launch attacks on behalf of paying customers against targets of their choosing.
In addition, three administrators linked to the illegal platforms were arrested in France and Germany, with more than 300 users identified for planned operations.
“Known as ‘loader’ and ‘stressor’ websites, these platforms allowed cybercriminals and hackers to flood facilities with illegal traffic, making websites and other web services unavailable,” Europol said in the statement.
“Motivations for launching such attacks vary, from economic sabotage and financial gain to ideological reasons, as demonstrated by hacktivist groups such as KillNet or Anonymous Sudan.”
In a coordinated statement, the Dutch Politie said it prosecuted four suspects aged between 22 and 26 from Rijen, Voorhout, Lelystad and Barneveld for carrying out hundreds of DDoS attacks.
PowerOFF participating countries include Australia, Brazil, Canada, Finland, France, Germany, Japan, Latvia, Netherlands, Poland, Portugal, Sweden, Romania, United Kingdom and United States.
The development comes just over a month after German law enforcement agencies announced the breach of a criminal service called dstat(.)cc that allowed other threat actors to conduct distributed denial-of-service (DDoS) attacks.
Earlier this month, the web infrastructure and security company Cloudflare said commerce and retail sites in the United States protected by Cloudflare experienced a significant spike in DDoS activity coinciding with the Black Friday/Cyber Monday shopping season.
The company also revealed that 6.5% of global traffic was restricted by its systems in 2024 as potentially malicious or for customer-specified reasons. Companies in the Gambling/Gaming industry were the most attacked during this period, followed by the Finance, Digital Native, Society and Telecom sectors.
The findings also follow the discovery of a “pervasive” misconfiguration bug present in enterprise environments implementing a CDN-based Web Application Firewall (WAF) service that could allow threat actors to bypass the security protections placed in front of web resources and conduct DDoS attacks. The technique has been code-named WAF breaking.
“The misconfiguration is due to the fact that today’s WAF providers also act as CDN (content delivery network) providers designed to provide network reliability and caching for web applications,” Zafran researchers said. “This dual functionality is at the heart of this widespread architectural blind spot of CDN/WAF providers.”
To reduce the risk of an attack, organizations are advised to restrict access to their web applications by adopting IP whitelists, HTTP header-based authentication, and mutually authenticated TLS (mTLS).
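As an added illustration (not code from Zafran, Cloudflare or the original article), the sketch below shows how an origin server could combine the first two recommendations, so that only requests relayed by its own CDN/WAF configuration are accepted. The header name, secret, address ranges and function names are assumptions made for the example; the ranges are documentation-only prefixes standing in for a provider's published egress ranges.

```python
import hmac
import ipaddress

# Constructed sample values: documentation-only prefixes stand in for the
# CDN/WAF provider's published egress ranges (assumption, not real ranges).
CDN_EGRESS_RANGES = [
    ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:100::/48")
]
ORIGIN_AUTH_HEADER = "x-origin-auth"              # hypothetical header name
ORIGIN_AUTH_SECRET = "constructed-sample-secret"  # keep in a secret store in practice


def peer_is_cdn(peer_ip: str) -> bool:
    """True only if the TCP peer address lies inside a CDN egress range.

    Pass the socket peer address, never a value taken from X-Forwarded-For,
    which the client controls.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # unparsable peer address: fail closed
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; unwrap first.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr.version == net.version and addr in net
               for net in CDN_EGRESS_RANGES)


def header_is_valid(headers: dict) -> bool:
    """Constant-time check of the shared secret the CDN adds when forwarding."""
    lowered = {k.lower(): v for k, v in headers.items()}
    presented = lowered.get(ORIGIN_AUTH_HEADER, "")
    return hmac.compare_digest(presented.encode(), ORIGIN_AUTH_SECRET.encode())


def allow_request(peer_ip: str, headers: dict) -> bool:
    """Require both controls. The IP check rejects clients that connect to the
    origin directly; the header check separates this site's CDN configuration
    from other traffic leaving the same shared provider ranges."""
    return peer_is_cdn(peer_ip) and header_is_valid(headers)
```

mTLS between the CDN and the origin gives the same guarantee at the transport layer and removes the need to protect a static header secret.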