Law enforcement agencies across 15 countries have shut down 27 DDoS-for-hire services. In addition, the agencies have apprehended three administrators and identified 300 users of these platforms. This is part of an ongoing, global initiative known as PowerOFF, in which authorities combat cybercrime (DDoS attacks in particular).

Security leaders weigh in 

Ken Dunham, Cyber Threat Director at Qualys Threat Research Unit:

Law enforcement actions do make a difference; however, it always depends upon how adversaries choose to respond. In some cases, pressure and arrests result in the release of source code, which may result in a surge of attacks using sophisticated attack code that was formerly private, as a form of plausible deniability by authors of formerly exclusively held code. In other cases, arrests can cause actors to move away from a code base or campaigns that were formerly a notable threat. In other situations, actors adapt, like cockroaches that simply move to another room when you move the couch, when pressure is applied, taking on new codes and tactics to further nefarious means and motives.

Adversaries that attack higher-profile targets are likely to incur more risk of law enforcement accountability, especially if actions impact multiple targets or are persistent over time. Times have changed since the turn of the century, when adversaries had the advantage, where law enforcement has training, tools, and tactics to properly track down and arrest actors involved in attacks that formerly commanded anonymity without accountability.

Sarah Jones, Cyber Threat Intelligence Research Analyst at Critical Start:

Law enforcement’s commitment to combating cybercrime is evident in the recent coordinated takedown of DDoS attack platforms. While these platforms are often marketed as legitimate tools for stress testing, they are frequently misused to facilitate malicious attacks. By dismantling these services and identifying over 300 customers, law enforcement agencies aim to disrupt the entire ecosystem, addressing both the supply of these tools and the demand from those who use them for illegal activities.

The long-term effectiveness of such measures, however, remains questionable. Cybercriminals are highly adaptive and have historically shown resilience by migrating operations or establishing new platforms. The LockBit takedown in February, for instance, demonstrated how quickly a cybercrime group can pivot and resume activity after a disruption. This adaptability highlights the persistent challenges of enforcing jurisdictional boundaries in cyberspace. Although the involvement of multiple countries in these operations underscores the value of international cooperation, sustained collaboration is essential to maintain pressure on these networks and prevent their resurgence.

The results of law enforcement actions, however, are likely to only serve as a deterrent for less experienced attackers. Dutch authorities, for example, revealed cases involving individuals responsible for hundreds or even thousands of DDoS attacks, emphasizing the severe consequences of participating in such activities. However, seasoned cybercriminals are less likely to be deterred. These actors often rely on advanced anonymization tools and sophisticated techniques to evade detection, ensuring their ability to continue operating undisturbed.

While the operation represents a significant step forward in the fight against DDoS-for-hire services, its success will depend on sustained efforts, international collaboration, and proactive measures to adapt alongside the evolving tactics of cybercriminals.

Derek Manky, Chief Security Strategist and Global VP of Threat Intelligence at Fortinet:

Turning the tide against cybercrime necessitates a culture of collaboration, transparency, and accountability on a larger scale. No single organization can effectively stop cybercrime alone. Public-private partnerships can influence the disruption of large-scale cybercrime activities, leading to a safer, more resilient society. Every organization has a place in the chain of disruption against cyberthreats.