DDoS attacks – Definition and meaning

What are DDoS attacks? Find out how DDoS attacks work, what risks they pose and how companies can effectively protect themselves against them.

What are DDoS attacks?

DDoS attacks (Distributed Denial of Service) aim to deliberately overload IT systems so that legitimate users no longer have access to the attacked services, websites or infrastructures. Attackers use a large number of compromised computers and IoT devices that combine to form a botnet. This network generates enormous numbers of requests and data packets, or enormous volumes of traffic, in a short space of time. This pushes the systems to their limits and renders them inoperable. The effects range from the short-term failure of individual services to considerable financial losses, damage to a company's reputation and longer business interruptions.

Functionality and types of DDoS attacks

A central feature of DDoS attacks is their decentralised approach: unlike DoS attacks, which originate from a single source system, DDoS attacks are distributed across numerous computers worldwide. In most cases, these devices are infected by malware and controlled by command & control servers - often without the knowledge of the actual owners. This structure makes effective defence considerably more difficult, as individual sources of attack can hardly be clearly identified or permanently blocked.

In practice, different attack patterns are encountered. Network-based DDoS attacks aim to exhaust the available bandwidth and thus prevent regular data transfers. Volumetric attacks, for example using UDP floods, generate an enormous volume of data at once, while protocol attacks exploit vulnerabilities in protocols such as TCP, as in a SYN flood. Application layer attacks in turn target individual applications or web services, for example by automatically triggering search queries or payment processes. During major sporting events such as the football World Cup, betting providers in particular are targeted. Attacks on their portals are then often aimed at disrupting the systems and putting operators under pressure, for example through blackmail attempts.
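The following added example (not part of the original page) shows from the defender's side why distributed sources are hard to block individually: a per-source request limit catches a single noisy client but misses an application layer flood on a search endpoint, which only shows up when the endpoint's total load is compared with its baseline. The thresholds, the `/search` path and all traffic are constructed assumptions.

```python
from collections import Counter

WINDOW = 10             # seconds per counting window (assumed)
PER_SOURCE_LIMIT = 20   # assumed per-IP request limit per window
ENDPOINT_BASELINE = 50  # assumed normal requests per window for one path
SURGE_FACTOR = 5        # assumed: alert above 5x baseline

def build_constructed_traffic():
    """Constructed (timestamp, source_ip, path) events, two 10 s windows."""
    events = []
    for w in (0, 1):  # 30 ordinary users in each window
        events += [(w * 10 + i * 0.3, f"192.0.2.{i + 1}", "/search")
                   for i in range(30)]
    # Window 0: one source sends 200 requests (single-source DoS pattern).
    events += [(i * 0.05, "198.51.100.7", "/search") for i in range(200)]
    # Window 1: 500 sources send only 3 requests each (distributed pattern).
    for b in range(500):
        ip = f"10.0.{b // 250}.{b % 250 + 1}"
        events += [(10 + r * 3 + b * 0.001, ip, "/search") for r in range(3)]
    return sorted(events)

def analyse(events):
    """Return (sources over the per-IP limit, endpoint-level surges)."""
    per_source = Counter()  # (window, path, ip) -> request count
    per_path = Counter()    # (window, path) -> request count
    sources = {}            # (window, path) -> set of source IPs
    for ts, ip, path in events:
        w = int(ts // WINDOW)
        per_source[(w, path, ip)] += 1
        per_path[(w, path)] += 1
        sources.setdefault((w, path), set()).add(ip)
    noisy = sorted({ip for (_, _, ip), n in per_source.items()
                    if n > PER_SOURCE_LIMIT})
    surges = []
    for (w, path), n in sorted(per_path.items()):
        if n > SURGE_FACTOR * ENDPOINT_BASELINE:
            top = max(per_source[(w, path, ip)] for ip in sources[(w, path)])
            surges.append({"window": w, "path": path, "requests": n,
                           "distinct_sources": len(sources[(w, path)]),
                           "top_source_share": round(top / n, 3)})
    return noisy, surges

if __name__ == "__main__":
    noisy, surges = analyse(build_constructed_traffic())
    print("over per-source limit:", noisy)
    print("endpoint surges:", surges)
```

A surge with many distinct sources and a very small top-source share is the signature that per-IP blocking cannot address, which is why filtering is applied at the level of the endpoint or upstream of the infrastructure.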

Practical examples and protective measures

The attack on DNS provider Dyn in 2016, for example, showed just how serious the consequences of a DDoS attack can be. Major platforms such as Twitter, Netflix and Spotify were unavailable or only accessible to a limited extent for hours. The trigger at the time was the Mirai botnet, which misused insecure IoT devices such as cameras and routers in particular, directing unprecedented data streams onto the infrastructure. Retailers, especially online shops, also repeatedly report attacks that are timed to coincide with peak sales periods such as Black Friday. Here, DDoS attacks often serve the purpose of weakening competitors or supporting ransom demands.

Protection against DDoS attacks is becoming increasingly important for companies. A layered security concept usually includes robust firewalls, the use of intrusion detection systems and specialised DDoS protection solutions. Many companies rely on cloud-based services that filter suspicious data traffic before it reaches their own infrastructure. There are also scrubbing centres that analyse incoming data volumes and remove harmful data packets in a targeted manner. The concept behind the network design also plays a role: geo-redundant structures and load balancing reduce the vulnerability of digital services. Additional protective measures such as web application firewalls or captcha systems are used for particularly exposed systems, for example in the area of online payments. Smaller companies in particular also benefit from regular data backups and emergency plans so that they can react more quickly in the event of a crisis.

Risks and effects

The consequences of a DDoS attack on companies and organisations are manifold. In addition to loss of revenue, such incidents are often accompanied by a lasting loss of trust among customers. The costs of restoring systems and protecting against future attacks should also not be underestimated. The failure of important services can also have contractual consequences and trigger legal disputes. DDoS attacks can now be purchased as a service on the darknet, which means that even less technically savvy players can become attackers. In addition, DDoS attacks are often used to distract security officers - for example, to prepare and carry out more complex attacks such as data theft at the same time.

Frequently asked questions

DDoS attacks can be divided into different categories, including volumetric attacks, protocol attacks and application layer attacks. Volumetric attacks aim to overload the available bandwidth, while protocol attacks exploit vulnerabilities in network protocols. Application layer attacks, on the other hand, are aimed directly at specific applications, for example by sending automated requests to web services. Each of these attack methods has its own techniques and targets, which makes defence against DDoS attacks complex.

Protection against DDoS attacks requires a multi-layered security concept. This includes robust firewalls, intrusion detection systems and specialised DDoS protection solutions. Many companies use cloud-based services that filter suspicious data traffic before it reaches their own infrastructure. Geo-redundancy and load balancing are also important strategies for minimising the attack surface. Additional security measures such as web application firewalls and regular data backups can be implemented for critical systems.

DDoS attacks can have serious consequences for companies, including financial loss, damaged reputation and business interruption. The inaccessibility of online services can lead to loss of revenue, especially during high sales periods such as Black Friday. In addition, the cost of restoring systems and implementing additional security measures can be significant. In the long term, a DDoS attack can affect customer confidence and weaken the company's market position.

The duration of DDoS attacks varies greatly and can range from a few minutes to several days or even weeks. Attackers often aim to attack systems during critical times, such as major events or sales campaigns. The effects are then particularly noticeable, as the accessibility of online services is severely restricted. Companies must therefore be prepared for such attacks and develop appropriate contingency plans in order to be able to react quickly.

DDoS attacks are a criminal offence in many countries and can have serious legal consequences for the attackers. Laws vary, but such attacks are often categorised as cybercrime. The penalties can include fines or even prison sentences. In addition, affected companies can take civil action against the attackers to claim damages. However, legal prosecution can be complex, as the identity of the attackers is often difficult to determine.
