Distributed denial of service (DDoS) is a category of malicious cyber-attacks that hackers or cybercriminals employ in order to make an online service, network resource or host machine unavailable to its intended users on the Internet. Targets of DDoS attacks are flooded with thousands or millions of superfluous requests, overwhelming the machine and its supporting resources. DDoS attacks are distinct from conventional denial of service incidents in that they originate from many distributed sources (IP addresses) rather than from a single one.
Distributed denial of service incidents are closely associated with botnets, where hackers take over command and control of thousands of Internet-connected devices, and then in coordinated attacks, direct all of those devices to simultaneously send requests to the target. In recent years, however, hacktivist groups and crime organizations have increasingly begun using attack tools that are easy to obtain and simple to use. These DDoS attack applications – WebHive LOIC is the most well-known – originated as tools for cybersecurity professionals to perform “stresser” testing on websites. In standalone instances they are not capable of carrying out a serious DDoS attack. However, when multiple stresser applications are coordinated together, whether through a botnet or via cloud service, these attack tools can take large commercial websites offline for extended periods.
Distributed denial of service attacks are an evolving threat. Massive service outages affecting brand-name retailers and large financial service organizations still get the most media attention. Yet the fact is, hackers commonly target organizations in government, education, travel and hospitality, technology, utilities and other sectors with lower-intensity DDoS attacks that are harder to detect and remediate. Putting in place a security architecture that enables you to detect, prevent and respond to DDoS attacks is a critical step in any effective cyber security plan.
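The distinction drawn above, a flood from many sources versus one, is also what makes DDoS harder to detect: a per-client rate limit catches a single noisy IP but never fires when hundreds of clients each send a few requests. The following Python detector is an added example (not code from the original page) that works over a constructed access-log format of the form `"<epoch_seconds> <client_ip> <request_path>"`, a hypothetical layout chosen for the example; the window length and thresholds are likewise assumed values, not figures from the page. It classifies each fixed-size window as normal, a single-source flood, or a distributed flood by looking at both the busiest client and the aggregate request count.

```python
"""Per-window DDoS detection over constructed access-log lines.

Added example, not from the original page. Assumed (hypothetical) log format:
    "<epoch_seconds> <client_ip> <request_path>"
"""
from collections import Counter

WINDOW_SECONDS = 10      # length of each analysis window (assumed value)
PER_IP_LIMIT = 50        # requests one client may send per window (assumed)
AGGREGATE_LIMIT = 100    # total requests per window before alerting (assumed)


def parse_log(lines):
    """Parse constructed log lines into (timestamp, ip, path) tuples."""
    events = []
    for line in lines:
        ts, ip, path = line.split()
        events.append((int(ts), ip, path))
    return events


def classify_window(events, window_start):
    """Return counts and a verdict for one fixed-size window.

    A conventional DoS shows up as one source exceeding PER_IP_LIMIT.
    A distributed flood keeps every source under that limit, so only the
    aggregate request count (together with the unusual number of distinct
    sources) reveals it; per-IP rate limiting alone would miss it.
    """
    window_end = window_start + WINDOW_SECONDS
    in_window = [e for e in events if window_start <= e[0] < window_end]
    per_ip = Counter(ip for _, ip, _ in in_window)
    total = len(in_window)
    top_ip, top_count = per_ip.most_common(1)[0] if per_ip else (None, 0)

    if top_count > PER_IP_LIMIT:
        verdict = "single-source flood"
    elif total > AGGREGATE_LIMIT:
        verdict = "distributed flood"
    else:
        verdict = "normal"
    return {
        "window_start": window_start,
        "total": total,
        "sources": len(per_ip),
        "top_ip": top_ip,
        "top_count": top_count,
        "verdict": verdict,
    }


def detect(lines):
    """Classify every window covered by the log; returns {window_start: result}."""
    events = parse_log(lines)
    if not events:
        return {}
    first = min(e[0] for e in events) // WINDOW_SECONDS * WINDOW_SECONDS
    last = max(e[0] for e in events)
    results = {}
    start = first
    while start <= last:
        results[start] = classify_window(events, start)
        start += WINDOW_SECONDS
    return results


def build_sample_log():
    """Constructed traffic: a quiet window, a distributed flood, a single-source flood."""
    lines = []
    # seconds 0-9: five clients, two requests each (baseline traffic)
    for i in range(5):
        for _ in range(2):
            lines.append(f"{i} 198.51.100.{i + 1} /index.html")
    # seconds 10-19: 200 distinct clients, three requests each (600 total,
    # but no single client anywhere near PER_IP_LIMIT)
    for i in range(200):
        for _ in range(3):
            lines.append(f"{10 + (i % 10)} 203.0.113.{i + 1} /index.html")
    # seconds 20-29: one client sends 300 requests
    for k in range(300):
        lines.append(f"{20 + (k % 10)} 192.0.2.7 /login")
    return lines


if __name__ == "__main__":
    for start, result in sorted(detect(build_sample_log()).items()):
        print(f"window {start:>3}s: {result['verdict']:<21} "
              f"total={result['total']:<4} sources={result['sources']:<4} "
              f"busiest={result['top_ip']} ({result['top_count']})")
```

The fixed aggregate threshold is where the lower-intensity attacks mentioned above hide: a flood sized to stay just under it looks like a busy day. In practice the aggregate and distinct-source counts are compared against a learned baseline for that time of day rather than a constant, and the verdict feeds an upstream mitigation (scrubbing, upstream rate limiting) rather than only a log line.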