A global law enforcement operation has failed 27 stresser services that were used to conduct distributed denial-of-service (DDoS) attacks and took them offline as part of a multi-year international exercise called PowerOFF.
The effort, coordinated by Europol and involving 15 countries, dismantled several booter and stresser websites, including zdstresser.net, orbitalstress.net, and starkstresser.net. These services typically employ botnet malware installed on compromised devices to launch attacks on behalf of paying customers against targets of their liking.
In addition, three administrators associated with the illicit platforms have been arrested in France and Germany, with over 300 users identified for planned operational activities.
„Known as ‚booter‘ and ’stresser‘ websites, these platforms enabled cybercriminals and hacktivists to flood targets with illegal traffic, rendering websites and other web-based services inaccessible,“ Europol said in a statement.
„The motivations for launching such attacks vary, from economic sabotage and financial gain to ideological reasons, as demonstrated by hacktivist collectives such as KillNet or Anonymous Sudan.“
In a coordinated statement, the Dutch Politie said it has initiated prosecution against four suspects aged between 22 and 26, who are from Rijen, Voorhout, Lelystad and Barneveld, for carrying out hundreds of DDoS attacks.
The U.S. Department of Justice (DoJ) also charged two defendants – Ricardo Cesar Colli (aka TotemanGames), 22, of Brazil and an unnamed individual – for allegedly overseeing some of the computer attack platforms.
„In recent years, booter services have continued to proliferate as they offer a low barrier to entry for users looking to engage in cybercriminal activity,“ the DoJ said. „These types of DDoS attacks are so named because they result in the “booting” or dropping of the targeted computer from the internet.“
Participating nations in PowerOFF include Australia, Brazil, Canada, Finland, France, Germany, Japan, Latvia, the Netherlands, Poland, Portugal, Sweden, Romania, the United Kingdom, and the United States.
The development comes a little over a month after German law enforcement authorities announced the disruption of a criminal service called dstat[.]cc that made it possible for other threat actors to mount distributed denial-of-service (DDoS) attacks.
Earlier this month, web infrastructure and security company Cloudflare said shopping and retail sites in the United States protected by Cloudflare experienced a significant rise in DDoS activity coinciding with the Black Friday/Cyber Monday shopping season.
The company also revealed that 6.5% of global traffic was mitigated by its systems in 2024 as being potentially malicious or for customer-defined reasons. Companies in the Gambling/Games industry were the most attacked during the time period, followed by the Finance, Digital Native, Society, and Telecom sectors.
The findings also follow the discovery of a „pervasive“ misconfiguration bug present in enterprise environments that implement a CDN-based web application firewall (WAF) service, which could allow threat actors to bypass security guardrails erected before web resources and stage DDoS attacks. The technique has been codenamed Breaking WAF.
„The misconfiguration stems from the fact that modern WAF providers are also acting as CDN (content delivery network) providers, designed to provide network reliability and caching for web applications,“ Zafran researchers said. „This dual functionality is at the heart of this widespread architectural blindspot of CDN/WAF providers.“
To mitigate the risk posed by the attack, organizations are recommended to limit access to their web applications by adopting IP allowlists, HTTP header-based authentication, and mutually authenticated TLS (mTLS).