DDoS Attacks (Distributed Denial-of-Service)
- What it is: A type of cyberattack that aims to disrupt the normal traffic of a targeted server, service, or network by overwhelming it with a flood of internet traffic 1 from multiple compromised computer systems. This coordinated and distributed attack renders the target resource unavailable to its legitimate users.
How it works: Attackers typically orchestrate DDoS attacks by leveraging a botnet – a network of compromised devices (often computers, IoT devices, or servers) infected with malware and controlled remotely by the attacker. These bots are instructed to simultaneously send a massive volume of requests to the target’s IP address or infrastructure. This overwhelming influx of traffic can exhaust the target’s network bandwidth, server processing power, and other critical resources, leading to service degradation or complete outage. Different types of DDoS attacks target various layers of the network protocol stack, including volumetric attacks (e.g., UDP floods, ICMP floods), protocol attacks (e.g., SYN floods), and application-layer attacks (e.g., HTTP floods).
Example with key data: In 2022, Cloudflare reported a series of massive HTTP DDoS attacks that peaked at 26 million requests per second (RPS), originating from a botnet comprising over 5,000 unique client IPs. These attacks targeted various Cloudflare customers, demonstrating the increasing scale and sophistication of application-layer DDoS attacks. The high RPS rate highlights the sheer volume of traffic that attackers can generate through distributed botnets, effectively overwhelming even well-protected infrastructure. The use of HTTP floods specifically targets web application resources, making it difficult to differentiate malicious traffic from legitimate user activity without advanced mitigation techniques.