In a major international law enforcement operation codenamed PowerOFF, authorities have successfully dismantled 27 “stresser” services used for conducting distributed denial-of-service (DDoS) attacks. The operation, led by Europol and involving 15 countries, targeted prominent platforms including zdstresser.net, orbitalstresser.net, and starkstresser.net.
Three administrators were arrested in France and Germany, while over 300 users have been identified for further investigation. Dutch authorities have begun prosecution of four suspects, aged 22-26, for conducting hundreds of DDoS attacks.
These booter and stresser services enabled cybercriminals to flood targets with malicious traffic using botnet malware installed on compromised devices. Motivations for such attacks ranged from economic sabotage to ideological reasons, as demonstrated by groups like KillNet and Anonymous Sudan.
Recent Industry Impact:
– Cloudflare reported a significant increase in DDoS attacks during the 2023 Black Friday/Cyber Monday period
– 6.5% of global traffic in 2024 was identified as potentially malicious
– Most targeted industries: Gambling/Games, Finance, Digital Native, Society, and Telecom
The operation involved collaboration between Australia, Brazil, Canada, Finland, France, Germany, Japan, Latvia, the Netherlands, Poland, Portugal, Sweden, Romania, the UK, and the US. This follows Germany’s recent disruption of dstat[.]cc, another DDoS-for-hire service.
Security researchers also identified a critical “Breaking WAF” vulnerability in CDN-based web application firewalls, recommending IP allowlists, HTTP header-based authentication, and mTLS as mitigation strategies.