Understanding DDoS

Definition

A Distributed Denial of Service (DDoS) attack floods a website, application, or network with massive amounts of fake traffic from multiple sources, making it unavailable to legitimate users.

Think of it like this: thousands of people blocking a store entrance so real customers can't get in.

How It Works

Attackers use networks of compromised devices (called botnets) to simultaneously send requests to a target. The target's servers become overwhelmed and can't respond to legitimate traffic.

DDoS vs. DoS:

• DoS (Denial of Service): Attack from a single source
• DDoS: Attack from many sources simultaneously (much harder to stop)

A Brief History

• Early 2000s: First major DDoS attacks hit Yahoo, Amazon, eBay
• 2010s: Attacks grew exponentially with IoT device exploitation
• Today: Attacks regularly exceed 1 Tbps, targeting businesses of all sizes

Why Do Attackers Launch DDoS Attacks?

Financial Gain

• Ransom demands: "Pay or stay offline"
• In 2020, over 100 financial firms were targeted by Ransom DDoS campaigns

Competitive Sabotage

• Taking down competitors during critical business periods
• E-commerce attacks during sales events

Hacktivism

• Political or ideological protests
• Targeting organizations attackers disagree with

Diversion Tactic

• DDoS as a smokescreen while stealing data
• Part of Advanced Persistent Threat (APT) campaigns
• Security teams focus on DDoS while real breach happens elsewhere