What Is a Distributed Denial of Service (DDoS) Attack?
A distributed denial-of-service (DDoS) attack is a type of cyberattack in which multiple compromised systems are used to target a single system, usually with the goal of overwhelming its resources and making it unavailable to its users. DDoS attacks can be launched from anywhere in the world using any type of device that can be compromised, including laptops, desktops, routers, smartphones, and even internet-connected appliances.
DDoS perpetrators can range from single individuals working alone to organized criminal groups and even foreign governments. The intention of a DDoS attack can vary but often includes causing financial damage to a targeted organization or simply causing disruption and chaos.
DDoS attacks have become increasingly common in recent years, with numerous high-profile websites and online services falling victim to successful attacks. For example, in 2016, the website of security journalist Brian Krebs was hit with the largest DDoS attack ever recorded at the time, with an estimated peak of 665 gigabits per second (Gbps) of traffic.
Recent attacks have been of much greater magnitude. For example, in February 2020, Amazon thwarted a DDoS attack that peaked at 2.3 terabits per second. And in late 2021, Russia’s Yandex was also hit by a DDoS attack that flooded it with millions of web page requests at a rate of 21.8 million requests per second, among other record attacks.
Over the past year, DDoS attacks have been politically motivated, with many linked to the Russia-Ukraine conflict. According to Kaspersky, some of the organizations targeted by massive DDoS attacks in the first half of 2022 include NATO, Israel’s Airport Authority, the U.K.’s Port of London Authority, the Turkish ministry of defense, the Czech government and public transportation websites, Ukraine’s government websites, and even major U.S. airports.
The severity of DDoS attacks can vary, but they can have significant consequences for targeted organizations. In addition to the potential loss of revenue and damage to reputation, victims may also face fines or penalties if they are unable to fulfill their obligations due to an attack. According to Ponemon, a DDoS attack costs an average of $22,000 a minute; with the typical attack lasting just under an hour, the average cost comes to more than $1 million. That damage will vary considerably by company size.
See also: How to Stop DDoS Attacks: Prevention & Response
DDoS attacks use a network of compromised computers and devices, known as a botnet, to flood the targeted system with overwhelming amounts of traffic. By sending multiple requests simultaneously from numerous sources, the attacker can overload the target’s resources and prevent legitimate users from accessing it.
Attackers typically infect devices with malware that gives them hidden control. Once they have control of enough devices, they can instruct them to all send traffic to the same target at the same time, creating a DDoS attack.
Building and controlling a botnet takes effort, but the commoditization of DDoS attacks has made them more prevalent and more damaging. There are now services that allow anyone to launch a DDoS attack without having to create their own botnet. These services, known as DDoS-for-hire or DDoS as a service, provide attackers with the capability to launch powerful DDoS attacks without any technical expertise.
For example, a 33-year-old man in Illinois was recently sentenced to two years in prison for running a subscription-based DDoS attack service.
There are three primary categories of DDoS attacks: volumetric, protocol, and application.
Volumetric attacks are the most common type of DDoS attack. They work by flooding the target with traffic until it can no longer cope with the volume of incoming requests and becomes overwhelmed. Volumetric techniques include UDP flood attacks, CHARGEN floods, ICMP (ping) floods, ICMP fragmentation floods, and misused application attacks.
Protocol attacks exploit vulnerabilities in the protocols themselves to cause a DoS condition. The most common type of protocol attack is the SYN flood attack. Other protocol attacks include TCP flood attacks, session attacks, slowloris, ping of death, smurf attacks, fraggle attacks, Low Orbit Ion Cannon (LOIC), and High Orbit Ion Cannon (HOIC).
Application attacks target vulnerabilities in specific applications or services running on a server. The most common type of application attack is the HTTP Flood attack.
Other types of DDoS attacks don’t fall neatly into one of the three primary categories. These include:
Read more: Complete Guide to the Types of DDoS Attacks
It can be difficult to distinguish between a sudden spike in traffic from legitimate users and a DDoS attack. However, there are some red flags to look for.
A spike may also be entirely legitimate: a sudden surge in popularity or a viral marketing campaign. In these cases, it’s crucial to have proper network monitoring and scaling capabilities in place to ensure your infrastructure can handle the increased traffic without impacting performance.
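As an added illustration of the three attack categories above and of telling a legitimate traffic surge from a DDoS, the following Python script is not from the original article; it runs three simple indicators over constructed sample data (NetFlow-style records and Combined Log Format lines invented for this example) and maps them onto the volumetric, protocol and application categories. The indicators are standard ones: bytes per second dominated by UDP for a volumetric flood, the share of TCP flows stuck at SYN for a SYN flood, and request rate combined with concentration on a single path and user agent for an HTTP flood. The threshold values are assumptions for the sake of the demonstration, not recommendations; in practice each is derived from the service's own traffic baseline.

```python
"""Heuristic DDoS triage over constructed flow records and web-access log lines.

Thresholds below are illustrative assumptions only. In practice each one is
derived from the service's own baseline (normal bytes/s, requests/s, SYN
ratio) and tuned to keep false positives on legitimate surges low.
"""
import re
from collections import Counter

# ---- Constructed sample data (not real traffic) --------------------------
# Flow records as (proto, src_ip, dst_port, tcp_flags, bytes). Flags use the
# tcpdump letters: "S" = SYN only (half-open), "PA" = data on an established
# connection, "" for UDP.
def gen_flows(n, proto, prefix, dport, flags, nbytes):
    return [(proto, f"{prefix}.{i % 250 + 1}", dport, flags, nbytes) for i in range(n)]

NORMAL_FLOWS = gen_flows(200, "tcp", "192.0.2", 443, "PA", 1500)
SYN_FLOOD = gen_flows(5000, "tcp", "198.51.100", 443, "S", 60) + NORMAL_FLOWS[:50]
UDP_FLOOD = [("udp", f"203.0.113.{i % 250 + 1}", 1024 + i % 30000, "", 1400)
             for i in range(20000)] + NORMAL_FLOWS

# Combined Log Format lines, round-robin over sources, paths and user agents.
def gen_log(n, ips, paths, uas):
    return [f'{ips[i % len(ips)]} - - [01/Jan/2022:00:00:00 +0000] '
            f'"GET {paths[i % len(paths)]} HTTP/1.1" 200 512 "-" "{uas[i % len(uas)]}"'
            for i in range(n)]

BROWSERS = ["Mozilla/5.0 (Windows NT 10.0) Chrome/108.0", "Mozilla/5.0 (Macintosh) Safari/605.1",
            "Mozilla/5.0 (X11; Linux) Firefox/108.0", "Mozilla/5.0 (iPhone) Mobile Safari",
            "Mozilla/5.0 (Android) Chrome/108.0 Mobile"]
PAGES = ["/", "/pricing", "/blog/launch", "/static/app.js", "/static/app.css",
         "/img/hero.png", "/signup", "/api/session"]
# A viral-campaign style surge: many real visitors, many paths, a normal browser mix.
LEGIT_SPIKE_LOG = gen_log(3000, [f"192.0.2.{i}" for i in range(1, 101)], PAGES, BROWSERS)
# An HTTP flood: many bots, one expensive path, one fixed user agent.
HTTP_FLOOD_LOG = gen_log(5000, [f"198.51.100.{i}" for i in range(1, 251)],
                         ["/search?q=report"], ["python-requests/2.28"])

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} \d+ "[^"]*" "([^"]*)"$')

# ---- Indicators -----------------------------------------------------------
def bytes_per_second(flows, window_s):
    return sum(f[4] for f in flows) / window_s

def udp_share(flows):
    """Fraction of bytes carried by UDP: volumetric floods are mostly UDP."""
    total = sum(f[4] for f in flows)
    return sum(f[4] for f in flows if f[0] == "udp") / total if total else 0.0

def half_open_ratio(flows):
    """Fraction of TCP flows that never got past SYN: the SYN-flood signature."""
    tcp = [f for f in flows if f[0] == "tcp"]
    return sum(1 for f in tcp if f[3] == "S") / len(tcp) if tcp else 0.0

def request_profile(lines, window_s):
    """Request rate plus how concentrated traffic is on one source, path or agent."""
    srcs, paths, uas = Counter(), Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ip, _method, path, ua = m.groups()
            srcs[ip] += 1
            paths[path] += 1
            uas[ua] += 1
    total = sum(srcs.values())

    def share(counter):
        return counter.most_common(1)[0][1] / total if total else 0.0

    return {"rps": total / window_s, "unique_sources": len(srcs),
            "top_src_share": share(srcs), "top_path_share": share(paths),
            "top_ua_share": share(uas)}

# Assumed thresholds for the demo; derive real ones from your own baseline.
THRESHOLDS = {"bytes_per_s": 1_000_000, "udp_share": 0.8, "half_open": 0.5,
              "rps": 200, "path_share": 0.9, "ua_share": 0.9}

def triage(flows, log_lines, window_s, th=THRESHOLDS):
    """Map indicators onto the three DDoS categories; an empty list means no indicator fired."""
    findings = []
    if bytes_per_second(flows, window_s) > th["bytes_per_s"] and udp_share(flows) > th["udp_share"]:
        findings.append("volumetric: UDP flood suspected")
    if half_open_ratio(flows) > th["half_open"]:
        findings.append("protocol: SYN flood suspected")
    p = request_profile(log_lines, window_s)
    # A real surge spreads over many paths and the usual browser mix; a flood
    # from a tool hammers one path with one agent, so rate alone is not enough.
    if p["rps"] > th["rps"] and p["top_path_share"] > th["path_share"] and p["top_ua_share"] > th["ua_share"]:
        findings.append(f"application: HTTP flood suspected ({p['unique_sources']} sources)")
    return findings

if __name__ == "__main__":
    scenarios = [("viral surge", NORMAL_FLOWS, LEGIT_SPIKE_LOG),
                 ("syn flood", SYN_FLOOD, []),
                 ("udp flood", UDP_FLOOD, []),
                 ("http flood", NORMAL_FLOWS, HTTP_FLOOD_LOG)]
    for name, flows, log in scenarios:
        print(f"{name:12s} -> {triage(flows, log, window_s=10) or ['no DDoS indicator fired']}")
```

The point of the legitimate-surge scenario is that it exceeds the request-rate threshold yet produces no finding, because its requests are spread across many paths and a normal mix of browsers; request rate alone would have flagged it. Any real deployment would feed the same functions from actual flow exporters and access logs and would replace the fixed thresholds with values learned from a baseline window.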
Prevention of DDoS attacks hinges on IT security teams adopting basic preparation, reaction, and recovery principles.
There are various actions and best practices that security teams can take to prepare for DDoS attacks. These include:
In the event of a DDoS attack, it’s important to quickly identify and confirm the attack, gather information about its impact and severity, and contain and mitigate the attack. Some specific responses you can take include:
Once a DDoS attack has been mitigated, it’s essential to review what happened and what could be done differently in the future to prevent or better handle similar attacks.
This could include implementing any necessary security updates, adjusting network and infrastructure configurations, revisiting your DDoS playbook, and conducting employee training. It’s also important to monitor for any lingering effects and continue monitoring for future attacks.
There are various software solutions and services designed to protect against DDoS attacks. These can include network devices with anti-DDoS features, firewalls and intrusion prevention systems, and specialized DDoS protection software and services. It’s important to research the options carefully and consider which solution fits best.
When shopping for a DDoS solution, we recommend that potential solutions include the following abilities:
Some of the leading DDoS software & services vendors include:
The prevalence and severity of DDoS attacks continue to grow, making it vital for individuals and organizations to understand what DDoS attacks are and how they can protect against them. While there is no one-size-fits-all solution, implementing a combination of prevention measures and a response plan can help defend against these disruptive attacks.
eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.
© 2022 TechnologyAdvice. All Rights Reserved