Your guide to DDoS attacks

What is DDoS?

Learn the definition and meaning of DDoS

DDoS stands for Distributed Denial of Service. DDoS is a type of cyberattack that tries to make a website or network resource unavailable. An attacker coordinates the use of hundreds or thousands of devices across the internet to send an overwhelming amount of unwanted to the target, which could be a company’s website or network.

Almost any type of internet-facing connected device could be a potential DDoS resource: Internet of Things (IoT) devices, smartphones, personal computers, and powerful servers.

Packets of data are used to communicate on the internet. A DDoS sends unwanted packets, which can be very large packets with lots of data, small packets very rapidly, or packets that require extra processing. It can also make the targeted device waste time waiting for a response that never comes. The target is kept so busy dealing with malicious packets and improper communication methods that there is little or no time left to respond to normal incoming requests – so legitimate users are denied service.

DDoS at a Glance

Facts and Stats
DDoS Facts and Stats image

What is a DDoS Attack?

Identify how attacks affect targets

A DDoS attack, also simply called a denial of service attack or DoS attack, is used for the purpose of creating an outage or slowdown of a website, web application, web API or network. An attack can cause downtime for minutes, hours or days – and prevent legitimate users from buying products, using a service, or getting information from the target.

One or many Internet-facing organizations may be affected by a single attack. An attack that disrupts a common service relied on by many websites, such as a domain name system (DNS) service, can create a wider outage. As a result, DDoS attacks are a significant threat to enterprise and application security and business continuity.

What is the biggest DDoS?

Get a sense of the largest attacks

DDoS has become more powerful and more sophisticated over time. Attackers discover new ways to use exposed resources on the Internet, identify software vulnerabilities and exploit old ones, and figure out how to get around cybersecurity systems. Entrepreneurial attackers innovate: creating easier-to-use attack tools, learning how to generate more attack traffic, and renting bigger and more powerful botnets at affordable prices.

The largest DDoS attack we have observed and mitigated peaked at 1.3 Tbps. Attacks greater than 300 Gbps occur more frequently.

Largest DDoS Attacks Chart

Why DDoS?

Understand the motivations of attackers

Attackers have different reasons for denial of service attacks including: hacktivism, script kiddies, financial manipulation, extortion, digital warfare, and harming competition.

  • Hacktivism: To damage the reputation of a company or to make a political statement, hacktivists deface or block access to digital properties, conduct virtual sit-ins, and gather intelligence. One of their tactics is denial of service.

    Learn about hacktivism

  • Script kiddies: To expand and demonstrate their digital prowess, young developers download free tools and develop their own. An example is an enterprising 12-year-old who targeted a /24 subnet, posted a tutorial on YouTube and coordinated a communal attack with other minors on STEAM and IRC.

    Learn more about this attack

  • Stock prices: Financial services firms have been a prominent target for economically and ideologically motivated criminals. Complex campaigns can adversely affect public perception of the targeted enterprise as well the perception of market participants (i.e., investors). The result can halt trading on an exchange or influence a company’s stock price.

    Learn about DDoS against global financial markets

  • Extortion: DD4BC initiated small attacks and sent ominous emails threatening a larger attack – with a payout demanded via email to prevent an attack that would take down the site. Copycats followed, often with empty threats, hoping to capitalize on the fears of their targets. More recently, memcached attacks were turned into extortion with threats embedded in the attack payloads.

    Learn more about Extortion

  • State-sponsored: DDoS attacks are an inexpensive way for nations to disrupt the operations of an enemy, or for state-sponsored actors to hush free speech. Attacks launched by beteen nation-state actors could disrupt infrastructure such as hospitals and utilities.

    Learn about state-sponsored DDoS attacks

  • Competitors: While business competitors may seek to interfere with the operations of a competiting business, attacks are more common among another sort of competitor: gamers. There’s a long history of gamers using denial of service attacks targeted at a fellow user to kick that player off a platform temporarily – or to take down an entire rival gaming platform.

    Learn about a gaming network attack

What are the types of DDoS attacks?

Learn the difference between botnets and reflection

DDoS can be launched in two very different ways. With a botnet, the attacker must first infect and control many devices with malware. With reflection methods, an attacker does not need to control the resources, and instead uses the normal behavior of common Internet protocols and software to cause devices to send unwanted data to the attacker’s target.

New Era for DDoS: Memcached Reflection Attacks

Spotlight: Botnet attack
A variant of the Mirai (Satori) botnet involved more than 650,000 unique IP addresses. Internet of Things and customer premises equipment (CPE) devices are infected with malware. Once infected, a new bot joins its peers in scanning for additional vulnerable devices. Infected devices under an attackers control are commandeered to send DDoS traffic or perform other malicious tasks.

Learn about Mirai botnet and IoT attacks

Akamai Enterprise Threat Check

Spotlight: Reflection attack
The largest DDoS attack Akamai has mitigated was fueled by a reflector, memcached. This reflection and amplification attack targeted one of our software clients and exceeded 1 Tbps. Memcached was developed to act as a distributed memory caching system. Since the protocol uses an insecure internet protocol, and carries the potential for tremendous amplification, it has the key traits of a powerful reflection-based attack vector.

Video: Understanding DDoS Reflection – Memcached UDP

Spotlight on memcached reflection attacks

How much does a DDoS attack cost an organization?

Understand the business impact and damage from attacks

DDoS costs of $1.7 million per year per organization were identified in a survey of more than 500 IT and IT security professionals by Ponemon Institute. Five sources of cost are ranked: unavailable services, technical support, operational disruption, user productivity and theft or damage to assets.

View the infographic

Ponemon Institute: Trends in the Cost of Web Application & Denial of Service Attacks

DDoS cost calculator

How can you stop DDoS?

Watch DDoS attack mitigation in action

DDoS mitigation prevents malicious traffic from reaching its target, limiting the impact of the attack. Watch the video to see mitigation in action.

About Akamai Video Thumbnail
???Watch the Video???

What is a DDoS mitigation service?

Learn about two services that block DDoS attacks

DDoS mitigation filters out malicious traffic to prevent it from reaching its target. Attack traffic is blocked by either of these types of mitigation services: a DDoS scrubbing service, cloud-based DNS service, or a CDN-based web protection services. Cloud-based mitigation removes attack traffic before it reaches the target.

Learn about 8 Best Practices for DDoS Mitigation

DDoS Scrubbing Diagram

DDoS scrubbing
Unlike CDN-based mitigation, a DDoS scrubbing service can protect all applications in the data center, including web- and IP-based applications, even those not already being delivered by a CDN service. A DDoS scrubbing service utilizes BGP to route network traffic through its global scrubbing centers, where it can inspect the traffic for, and mitigate any identified DDoS attacks. A DDoS scrubbing service can be available both in on-demand and always-on configurations depending on an organization’s security posture.

Learn more about a DDoS scrubbing service

CDN Mitigation Diagram

CDN-based mitigation
A website protection service provider utilizes its CDN to provide network- and application-layer security for websites, web APIs and web applications. As a cloud-based proxy, the networks sits in front of IT infrastructure and delivers traffic from end-users to the websites and applications. The cloud platform examines network traffic for known attack patterns and passes only legitimate traffic. These solutions operate inline, so web assets are protected at all times without human interaction. Specifically built to handle large volumes of traffic, a CDN can be a DDoS-resilient platform.

Learn more about a CDN-based DDoS mitigation

What is a DDoS protection service?

Get help to prevent DDoS attack damage

A DDoS protection service is a cybersecurity provider that will detect and block DDoS attacks as quickly as possible – ideally in zero or a few seconds from the time that the attack traffic reaches the protection service. Because attack vectors keep changing and attack sizes keep getting bigger, to achieve the best DDoS protection a provider must continually invest in, develop and deploy tools and rules to detect, orchestrate and mitigate attacks.

What can I do about DDoS attacks?

Understand the difficulty of DDoS prevention

With a strong DDoS protection strategy and runbook in place, organizations can protect against and limit damage from DDoS attacks. The high capacity, high-performance and always-on anti-DDoS protection of cloud-based solutions can prevent malicious traffic from reaching a website or interfering with communication by a web API. A cloud-based scrubbing service can quickly mitigate attacks that target non-web assets, such as network infrastructure.


Learn more about DDoS prevention

Akamai DDoS Protection

Learn about our services

With cloud-based DDoS protection solutions for websites, web APIs, infrastructure, and DNS, Akamai can help you keep your applications and IT services available even through the largest attacks. Mitigating thousands of attacks every month, the Akamai Security Operations Center (SOC) sees new attack vectors before anybody else and institutionalizes lessons learned as to how to stop DDoS attacks fast. Akamai is a leader in DDoS protection.

Largest DDoS mitigation platform

With 70+ Tbps capacity

Fast mitigation

With industry-leading time-to-mitigate SLAs

Highly resilient

Architected for 100% uptime and minimal collateral damage

Global SOC

For 24/7/365 attack support

Proven effective

Stopping thousands of attacks every month

Protection Since 2003

Stopping DDoS attacks in the cloud since 2003