Police take down a major cybercrime resource
A recent global raid conducted by police in the UK, US and the Netherlands has helped to take down a major cybercrime resource called WebStresser. The WebStresser website allowed anyone with a credit card to “buy” a distributed denial of service (DDoS) attack on another website of their choice.
What are DDoS attacks?
A DDoS attack uses a network of bots to flood a target website with traffic. Each bot attempts to access the website hundreds of times each minute; eventually there are too many access attempts for the website to handle and it crashes.
It can take many hours for a website to recover from a DDoS attack. Ecommerce sites could lose thousands of dollars during that time because genuine buyers cannot make purchases.
The DDoS attack technique is reliant on thousands of bots to generate the necessary traffic to overload a website. Normally hackers need to infect thousands of computers with malware to create the bot network – a process that can take days or weeks to complete, and which could cost thousands of dollars to set up.
The WebStresser difference
But when using the WebStresser service, anyone could access a network of preconfigured bots instantly. Even more concerning for website owners was the cost of using WebStresser – DDoS attacks could be bought for as little as $15.
This low entry price meant that anyone with a grudge could attack a website – even if they had no technical skills, or experience of hacking. The police believe that thousands of websites were targeted using the WebStresser service before it was taken offline.
A temporary win
Although WebStresser has gone, it is only a matter of time before a copycat service launches. Now that cybercriminals know they can make money from running a DDoS botnet, it is only a matter of time before we see similar hack-for-cash services pop-up elsewhere.
You can play your part
Home users are very unlikely to find themselves the target of a distributed denial of service attack – but that’s not to say you will never be part of one. The WebStresser service uses a network of compromised PCs just like your own as part of the attack.
Unprotected computers are infected with malware that sits dormant until required. When the DDoS attack is launched, these infected computers are then called into action, to target a specific website. Chances are that you will never even know that your computer has become part of a zombie network until an attack begins and your computer slows down.
To avoid becoming an unwitting accomplice, you must ensure that your PC is regularly updated, and that you have a comprehensive antimalware system installed. These combination will help to prevent malware from infecting your PC.