In the latest blow to the criminal market for distributed denial of service (DDoS)-for-hire services, Polish authorities have arrested four individuals who allegedly ran a network of platforms used to launch thousands of cyberattacks worldwide. The suspects are believed to be behind six separate stresser/booter services that enabled paying customers to flood websites and servers with malicious traffic — knocking them offline for as little as EUR 10.
The now defunct platforms – Cfxapi, Cfxsecurity, neostress, jetstress, quickdown and zapcut – are thought to have facilitated widespread attacks on schools, government services, businesses, and gaming platforms between 2022 and 2025.
The platforms offered slick interfaces that required no technical skills. Users simply entered a target IP address, selected the type and duration of attack, and paid the fee — automating attacks that could overwhelm even well-defended websites.
Global law enforcement response
The arrests in Poland were part of a coordinated international action involving law enforcement authorities in 4 countries, with Europol providing analytical and operational support throughout the investigation.
Dutch authorities have deployed fake booter sites designed to warn users seeking out DDoS-for-hire services, reinforcing the message that those who use these tools are being watched and could face prosecution. Data from booter websites, seized by Dutch law enforcement in data centres in the Netherlands, was shared with international partners, including Poland, contributing to the arrest of the four administrators.
The United States seized 9 domains associated with booter services during the coordinated week of action, continuing its broader campaign against commercialised DDoS platforms.
Germany supported the Polish-led investigation by helping identify one of the suspects and sharing critical intelligence on others.
Switzerland's National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery.
In 2024, authorities took aim at ransomware gangs, malware developers, cybercriminal infrastructure and cryptocurrency thieves. Here's a look at the…
Personal data of nearly 100,000 individuals that have participated in trainings organized by EU CEPOL has potentially been compromised.
Veteran cybercriminals appear to be reducing their dependence on ransomware-as-a-service platforms — a sign that law enforcement raids are having an impact. Experts say the market for digital extortion tools has plenty of room to adapt, though.
Porsche's best-selling model will be discontinued from markets within the European Union in spring of 2024
German law enforcement takes down dark web giant "Kingdom Market," specializing in narcotics and malware sales to tens of thousands of users.
An international law enforcement operation coordinated by Europol resulted in the dismantling of one of the largest groups involved in the distribution of
A new Belgian law will allow ethical hackers to hack into the data of Belgian companies without any prior permission. Until now such practices could land you in jail.
Comme cela était attendu, le Conseil fédéral a adopté les projets d’Ordonnance sur la protection des données (OPDo) et d’Ordonnance sur les certifications en matière de protection des données (OCPD) Plus rien ne s’oppose donc à l’entrée en vigueur de la Loi sur la protection des données révisée (nLPD) le 1er septembre 2023. Le Conseil fédéral a en effet souhaité laisser encore un peu de temps aux petites et moyennes entreprises pour se mettre en conformité.
In Ukraine, civilians are valiantly assisting the army via apps—and challenging a tenet of international law in the process.
