What is a Distributed Denial-of-Service (DDoS) Attack?

What is a DDoS attack?

A distributed denial-of-service (DDoS) attack floods an online resource—such as a website or cloud service—with fraudulent connection requests or other malicious traffic, typically by using a botnet. Unable to handle all that traffic, the target slows to a crawl or crashes, making it unavailable to legitimate users.

Distributed denial-of-service attacks are a type of denial-of-service attack (DoS attack), a category that includes all cyberattacks that slow or stop applications or services. DDoS attacks are unique in that they send attack traffic from multiple sources all at once—potentially making them harder to recognize and defend against—which puts the “distributed” into “distributed denial-of-service.”

According to the IBM® X-Force® Threat Intelligence Index, DDoS attacks account for 2% of the attacks that X-Force responds to. However, the disruptions that they cause can be costly. System downtime can lead to service disruptions, lost revenue and reputational damage. The IBM Cost of a Data Breach Report notes that the cost of lost business due to a cyberattack averages USD 1.47 million.

How DDoS attacks work

Unlike other cyberattacks, DDoS attacks don’t exploit vulnerabilities in network resources to breach computer systems. Instead, they use standard network connection protocols such as Hypertext Transfer Protocol (HTTP) and Transmission Control Protocol (TCP) to flood endpoints, apps and other assets with more traffic than they can handle.

Web servers, routers and other network infrastructure can process only a finite number of requests and sustain a limited number of connections at any one time. By using up a resource’s available bandwidth, DDoS attacks prevent these resources from responding to legitimate connection requests and packets.
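The following added example (not part of the original article) illustrates why the distributed nature of the traffic matters to a defender: a constructed access log in which a 200-host botnet each sending only 2 requests per second slips under a per-source rate limit, while the aggregate request volume and the count of distinct sources per window both expose the flood. All addresses, thresholds and the 10-second window are constructed assumptions for the demonstration.

```python
from collections import Counter


def build_sample_records():
    """Constructed access log: (epoch_second, source_ip) tuples, not real data.

    Seconds 0-59: 10 legitimate clients at 1 request/s each.
    Seconds 30-59: a 200-host botnet joins, each bot sending only 2 requests/s.
    """
    records = []
    for sec in range(60):
        for i in range(10):
            records.append((sec, f"10.0.0.{i}"))                # legitimate clients
        if sec >= 30:
            for bot in range(200):
                records.extend([(sec, f"203.0.113.{bot}")] * 2)  # one bot, 2 req/s
    return records


def bucket(records, window):
    """Group records into fixed windows: {window_index: Counter(ip -> requests)}."""
    buckets = {}
    for sec, ip in records:
        buckets.setdefault(sec // window, Counter())[ip] += 1
    return buckets


def per_source_offenders(records, window=10, limit=25):
    """Classic per-source rate limit: IPs exceeding `limit` requests in any window.

    Every bot stays below the limit, so a distributed flood is not flagged here.
    """
    return {ip for counts in bucket(records, window).values()
            for ip, n in counts.items() if n > limit}


def aggregate_spike_windows(records, window=10, factor=5):
    """Volumetric view: windows whose total exceeds `factor` x the first window's
    total (the first window is taken as the baseline)."""
    buckets = bucket(records, window)
    baseline = sum(buckets[0].values())
    return sorted(w for w, c in buckets.items() if sum(c.values()) > factor * baseline)


def distinct_sources(records, window=10):
    """Distinct source IPs per window; a sudden jump is the 'distributed' signature."""
    return {w: len(c) for w, c in bucket(records, window).items()}


if __name__ == "__main__":
    recs = build_sample_records()
    print("per-source offenders:", per_source_offenders(recs))       # set()
    print("aggregate spike windows:", aggregate_spike_windows(recs))  # [3, 4, 5]
    print("distinct sources per window:", distinct_sources(recs))
```

Real deployments combine the two views: per-source limits handle single abusive clients, while aggregate volume and source-diversity baselines catch the many-low-rate-sources pattern described above.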

In broad terms, a DDoS attack has two main stages: creating a botnet and carrying out the attack.