According to DDoS mitigation firm Link11, DDoS attacks have fallen by 60% across Europe following the takedown of WebStresser, which Europol described as the largest DDoS-for-hire service on the market.
It was taken down on April 24th when various European law enforcement agencies acting together under Europol coordination arrested suspected administrators, seized servers and shut down operations of the website, WebStresser.org, a highly popular platform for Internet users to pay to launch DDoS attacks against other websites.
Link11 said that the takedown of the website had a significant impact on reduced DDoS activity worldwide, but particularly in Europe.
“The Link11 Security Operation Center (LSOC), which monitors DDoS attack activity on the internet 24/7, has registered lower attack activity, especially on April 25 and 26, presumably due to [the] elimination of the source,” a Link11 spokesperson told Bleeping Computer.
“The LSOC has seen a roughly 60% decline in DDoS attacks on targets in Europe, […] down 64% from the peak number recorded,” he said.
Onur Cengiz, Head of the Link11 Security Operation Center, said he believed that the slowdown would only last for a temporary period, and new DDoS services would inevitably rise to fill the hole left by WebStresser’s abrupt closure.
According to the Link11 DDoS Report for Q4 2017, Europe had experienced approximately 13,500 DDoS attacks in the last three months of last year, adding up to a combined 1,675 hours, with the largest hitting 70.1 Gbps. The Link11 report cited a 116% rise in DDoS attacks across those three months.
WebStresser is believed to have had over 136,000 registered users at shut down and to have been responsible for over 4 million DDoS attacks over the last several years. Prices for a WebStresser premium account with access to the DDoS feature started at €15 ($18.25).
The service received top placement in Google searches for “DDoS booter” or “DDoS stresser” keywords, helping bolster its popularity.
It was apparently spearheaded by a Serbian 19-year-old named Jovan “m1rk” Mirkovic. It was launched in 2015 and was initially only a small-scale operation, but it grew over the years and eventually aggressively promoted its services on social media and hacking forums. It accepted payment via PayPal and Bitcoin and even launched a mobile app from which users could launch attacks when not in front of their desktops.
Measures were taken against both administrators and users of the portal. It wasn’t revealed what these measures might be, but officials did say that users were spread out worldwide, located in the Netherlands, Italy, Spain, Croatia, the United Kingdom, Australia, Canada and Hong Kong.