DDoS stands for distributed denial-of-service and is a type of cyber attack in which multiple systems flood the bandwidth or resources of a targeted system.
The idea behind a DDoS attack is to overwhelm systems, usually one or more web servers, in order to crash or suspend the services of a host connected to the internet. It is usually likened to a group of people all trying to get through a shop door at once, with the crowd obstructing the entry of legitimate visitors and thus disrupting business.
The main advantage of DDoS over DoS, or denial-of-service, is that multiple machines can generate more traffic than one, making it harder for such an attack to be stopped.
What is the purpose of a DDoS attack?
The purpose of a DDoS attack varies depending on the attacker and the target, but the aim is generally to cause a service outage. Sometimes this is merely to prevent access to the service or product, but it may also be part of a wider cyber attack designed to breach other security systems.
DDoS attacks will also often have a political purpose, including cyber warfare. For example, attacks strongly suspected to be the work of Russian state-affiliated actors have been carried out throughout the war with Ukraine in 2022.
Ransomware gangs may also make use of DDoS attacks as a means of extracting money from vulnerable or high-value targets.
How do attacks start?
Using multiple machines also makes the attack harder to track and shut down, and each attacking machine can behave much more stealthily than one lone computer attacking a target.
There are a number of ways in which a DDoS attack can be deployed. A botnet, which is a network of zombie computers set up to receive commands without their owners' knowledge, is a popular way to flood a targeted system. Malware can also be used to carry DDoS attack mechanisms, while Trojans can compromise a system by either containing a zombie agent or allowing attackers to download one.
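The point above, that each machine in a distributed attack can stay quieter than a lone attacker, matters for detection: a per-source rate limit catches one loud machine but not hundreds of quiet ones. The following is an added example, not part of the original article; it classifies constructed request logs by window, and its thresholds, function names and sample addresses are assumptions for illustration.

```python
from collections import Counter, defaultdict

# Assumed thresholds for illustration; tune them against your own baseline.
PER_SOURCE_LIMIT = 100   # requests one source may send per window
BASELINE_TOTAL = 300     # typical total requests per window
BASELINE_SOURCES = 50    # typical distinct sources per window
SURGE_FACTOR = 5         # multiple of baseline treated as a surge

def analyse(events, window=10):
    """events: (timestamp_seconds, source_ip) pairs. Returns one finding per window."""
    buckets = defaultdict(Counter)
    for ts, src in events:
        buckets[ts // window * window][src] += 1
    findings = []
    for start in sorted(buckets):
        per_src = buckets[start]
        total, sources = sum(per_src.values()), len(per_src)
        noisy = sorted(s for s, n in per_src.items() if n > PER_SOURCE_LIMIT)
        if total > SURGE_FACTOR * BASELINE_TOTAL and sources > SURGE_FACTOR * BASELINE_SOURCES:
            verdict = "distributed flood"    # many quiet sources, large aggregate
        elif noisy:
            verdict = "single-source flood"  # per-source limit is enough here
        else:
            verdict = "normal"
        findings.append({"window": start, "total": total, "sources": sources,
                         "noisy": noisy, "verdict": verdict})
    return findings

def sample_events():
    """Constructed traffic: normal, one loud source, then 400 quiet sources."""
    normal = [f"192.0.2.{i + 1}" for i in range(40)]
    events = [(t, ip) for t in (0, 10) for ip in normal for _ in range(5)]
    events += [(10, "203.0.113.9")] * 2000
    events += [(20, f"198.18.{i // 200}.{i % 200 + 1}")
               for i in range(400) for _ in range(8)]
    return events

if __name__ == "__main__":
    for f in analyse(sample_events()):
        print(f)
```

In the third window no source exceeds the per-source limit, so only the aggregate volume and the jump in distinct sources reveal the flood.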