A distributed denial-of-service (DDoS) attack is a type of cyber attack that disrupts the availability of online services by overwhelming them with excessive traffic.
Unlike a standard denial-of-service (DoS) attack, which originates from a single source, a DDoS attack uses a network of compromised computers to flood a target — such as a website, server or application — with more requests than it can handle, often rendering it inaccessible to legitimate users.
What Is a DDoS Attack?
A distributed denial-of-service (DDoS) attack is a cyber attack in which a network of compromised computers floods a server, website or online service with excessive traffic, overwhelming its resources and making it inaccessible to legitimate users.
How Do DDoS Attacks Work?
DDoS attacks rely on a botnet — a network of computers infected with malware — to flood a target system with traffic. Devices are typically compromised when users visit infected sites or download malicious software. Once controlled, these devices can receive attacker instructions to overwhelm a chosen server, website or application.
Types of DDoS Attacks
There are many ways to carry out a DDoS attack, but there are three primary categories.
1. Volume-Based Attacks
Volume-based DDoS attacks take down the victim by sending large amounts of traffic that consume the available bandwidth. This results in 100 percent bandwidth consumption and no available bandwidth to process authorized traffic.
2. Protocol Attacks
Protocol attacks rely on system protocols to flood the back-end system resources. Rather than consume the bandwidth, protocol attacks consume the processing capacity of servers and network devices that support an application or service.
3. Application Layer Attacks
Application layer attacks are the most sophisticated of the three, as they often exploit application-level logic or resource-intensive endpoints, and may or may not rely on known vulnerabilities.
Application-layer attacks are more complex and often rely on sending seemingly legitimate requests that consume server-side resources without using excessive bandwidth, which makes them difficult to detect with traditional traffic-monitoring tools.
How to Prevent a DDoS Attack
DDoS attacks can be difficult to thwart because the traffic they generate carries no malicious indicators. Legitimate services and protocols are used to carry out the attack, so prevention comes down to being able to detect an abnormal level of traffic.
Use Firewalls and Intrusion Detection
Firewalls and intrusion detection/prevention systems are two security tools that can help detect this behavior and block it automatically.
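The detection idea above, and the low-bandwidth application-layer pattern described under Types of DDoS Attacks, as an added example that is not part of the original article: a small rate-based detector run over constructed web-server log lines. The log format (source IP, epoch seconds, path, status, response bytes, duration in ms), the thresholds and the sample addresses are assumptions made for the example; a real IDS or rate limiter would tune these against a measured baseline.

```python
from collections import defaultdict

WINDOW = 10        # seconds per rate bucket
RATE_LIMIT = 50    # requests per bucket from one source treated as abnormal
SLOW_MS = 500      # response time marking a resource-intensive request
SLOW_SHARE = 0.8   # share of slow requests that suggests an app-layer flood
MIN_REQUESTS = 20  # ignore sources with too few requests to judge

def parse(line):
    # Assumed line format: ip epoch_seconds path status bytes duration_ms
    ip, ts, path, status, nbytes, ms = line.split()
    return ip, int(ts), path, int(status), int(nbytes), int(ms)

def detect(lines, window=WINDOW, rate_limit=RATE_LIMIT):
    per_bucket = defaultdict(int)         # (ip, bucket) -> request count
    slow = defaultdict(lambda: [0, 0])    # ip -> [slow requests, all requests]
    for line in lines:
        ip, ts, _path, _status, _nbytes, ms = parse(line)
        per_bucket[(ip, ts // window)] += 1
        slow[ip][1] += 1
        if ms >= SLOW_MS:
            slow[ip][0] += 1
    # Volumetric signature: one source far above the per-bucket rate limit.
    volumetric = sorted({ip for (ip, _), n in per_bucket.items() if n > rate_limit})
    # Application-layer signature: modest request rate, but nearly every
    # request lands on a slow endpoint, so server time (not bandwidth) is consumed.
    app_layer = sorted(ip for ip, (s, t) in slow.items()
                       if t >= MIN_REQUESTS and s / t >= SLOW_SHARE
                       and ip not in volumetric)
    return {"volumetric": volumetric, "application_layer": app_layer}

def constructed_log():
    # Constructed sample traffic: two ordinary clients, one source sending
    # 120 requests inside a single 10 s bucket, and one source that stays
    # under the rate limit but only hits a slow search page with tiny responses.
    base = 1700000000
    lines = []
    for i in range(8):
        lines.append(f"10.0.0.5 {base + i * 3} /index.html 200 5120 12")
        lines.append(f"10.0.0.9 {base + i * 4} /about 200 3100 9")
    for i in range(120):
        lines.append(f"198.51.100.7 {base + i // 12} /index.html 200 5120 11")
    for i in range(40):
        lines.append(f"203.0.113.4 {base + i} /search?q=* 200 210 1800")
    return lines

if __name__ == "__main__":
    print(detect(constructed_log()))
```

Note that the second source would pass a pure bytes-per-second or requests-per-second check, which is exactly why application-layer floods need per-endpoint cost metrics in addition to traffic volume.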
Use Antivirus Software
In addition to network-level prevention, antivirus software is required to protect the endpoints (end-user devices) and ensure malicious software is detected and removed before the device is used for DDoS activity.
Secure IoT Devices and Ensure Firmware Is Updated
Endpoint protection can help detect malware used in botnet formation, but preventing DDoS also requires securing IoT devices, updating firmware and changing default credentials.
Example of DDoS Attack: Dyn, 2016
One of the largest DDoS attacks on record occurred in 2016, when attackers used a malware variant called Mirai to infect approximately 100,000 internet-connected devices and form a massive botnet. This botnet was then used to target Dyn, a major U.S.-based domain name system (DNS) provider. Because DNS is critical to routing internet traffic, the attack disrupted access to major websites including Amazon, Twitter, Spotify, Netflix, PayPal and Reddit. The financial and reputational impact was significant — some analysts estimated that just one hour of downtime could cost companies like Amazon tens of millions of dollars.
In December 2020, after a four-year investigation, an individual was charged and pleaded guilty to participating in the attack. Because the person was a minor at the time, sentencing details remain sealed. DDoS attacks can carry penalties of up to 10 years in prison, depending on their scope and consequences.
Frequently Asked Questions
What is a DDoS attack?
A DDoS attack, or distributed denial-of-service attack, is a cyber attack that overwhelms a system with traffic from multiple infected computers, disrupting access to legitimate users.
How do DDoS attacks work?
DDoS attacks use a botnet — a network of malware-infected devices — that attackers control remotely to flood a server, website or application with traffic.
What are the main types of DDoS attacks?
The main types of DDoS attacks include:
- Volume-based attacks: Overwhelm a victim by flooding available bandwidth with massive amounts of traffic, leaving no room for legitimate requests.
- Protocol attacks: Exploit network protocols to consume server or network device resources, disrupting services without necessarily using up bandwidth.
- Application-layer attacks: Target specific applications or services, often exploiting weaknesses in web applications to drain system resources while generating minimal bandwidth, making them harder to detect.