Distributed denial of service attack (DDoS) definitions:
A distributed denial of service (DDoS) attack is a malicious attempt to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server. A DDoS attack is launched from numerous compromised devices, often distributed globally. It is distinct from other denial of service (DoS) attacks, which use a single Internet-connected device (one network connection) to flood a target with malicious traffic. This nuance is the main reason for the existence of these two, somewhat different, definitions.
DDoS is a distributed denial-of-service attack where compromised systems are used to cause a failure of the targeted server, service or network by overwhelming the target or its supporting infrastructure with a flood of simultaneous internet traffic. The attackers commonly utilize previously infected computer systems such as other servers, home computers or Internet-of-Things devices to achieve much higher attack volume than would be possible with a single source network connection. Additionally, some attacks may exploit vulnerabilities or insecure features to redirect query responses and so amplify the attack.
Broadly speaking, DoS and DDoS attacks can be divided into three types:
Volume Based Attacks
Includes UDP floods, ICMP floods, and other spoofed-packet floods. The attack’s goal is to saturate the bandwidth of the attacked site, and magnitude is measured in bits per second (bps).
Protocol Attacks
Includes SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS and more. This type of attack consumes actual server resources, or those of intermediate communication equipment, such as firewalls and load balancers, and is measured in packets per second (pps).
Application Layer Attacks
Includes low-and-slow attacks, GET/POST floods, attacks that target Apache, Windows or OpenBSD vulnerabilities and more. Composed of seemingly legitimate and innocent requests, these attacks aim to crash the web server, and the magnitude is measured in requests per second (rps).
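The three metrics above can be used on the defending side to tell which type of flood a traffic spike resembles. The following is an added example, not part of the original page: it aggregates flow records into per-second bps, pps and rps and reports which metric exceeds a baseline. The baseline values, alert factor, record layout and sample traffic are all constructed assumptions.

```python
from collections import defaultdict

# Assumed per-second baseline for a hypothetical service and an assumed
# alert factor; real values come from your own traffic history.
BASELINE = {"bps": 8_000_000, "pps": 2_000, "rps": 150}
FACTOR = 5
LABELS = {"bps": "volume-based", "pps": "protocol", "rps": "application-layer"}

def window_rates(records, window=1):
    """Aggregate (ts, src, bytes, packets, requests) records per time window."""
    acc = defaultdict(lambda: {"bytes": 0, "pkts": 0, "reqs": 0, "srcs": set()})
    for ts, src, nbytes, pkts, reqs in records:
        w = acc[int(ts // window) * window]
        w["bytes"] += nbytes
        w["pkts"] += pkts
        w["reqs"] += reqs
        w["srcs"].add(src)
    return {
        start: {"bps": w["bytes"] * 8 / window, "pps": w["pkts"] / window,
                "rps": w["reqs"] / window, "sources": len(w["srcs"])}
        for start, w in sorted(acc.items())
    }

def classify(rates):
    """Name the attack types whose metric exceeds FACTOR x baseline."""
    classes = [LABELS[m] for m in LABELS if rates[m] > FACTOR * BASELINE[m]]
    if not classes:
        return {"classes": [], "kind": "normal"}
    # One source matches the page's DoS definition, many sources DDoS.
    # Spoofed floods can inflate the source count, so treat it as a hint.
    return {"classes": classes, "kind": "DDoS" if rates["sources"] > 1 else "DoS"}

def analyze(records, window=1):
    """Classify every window found in the records."""
    return {s: classify(r) for s, r in window_rates(records, window).items()}

# Constructed sample records (documentation address ranges), one per source.
SAMPLE = (
    [(0.2, "192.0.2.10", 400_000, 500, 40), (0.7, "192.0.2.11", 300_000, 400, 35)]
    # second 1: 200 sources, many tiny packets, no requests
    + [(1 + i / 1000, f"198.51.100.{i + 1}", 3_600, 60, 0) for i in range(200)]
    # second 2: one source, request flood with ordinary packet and byte counts
    + [(2.5, "203.0.113.7", 900_000, 3_000, 1_000)]
    # second 3: 100 sources, few but large packets
    + [(3 + i / 1000, f"203.0.113.{i + 100}", 98_000, 70, 0) for i in range(100)]
)

if __name__ == "__main__":
    for start, verdict in analyze(SAMPLE).items():
        print(start, verdict)
```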
Motivation behind DDoS attacks
DDoS attacks are quickly becoming the most prevalent type of cyber threat, growing rapidly in the past year in both number and volume according to recent market research. The trend is towards shorter attack duration, but bigger packet-per-second attack volume.
Attackers are primarily motivated by:
Ideology – So-called “hacktivists” use DDoS attacks as a means of targeting websites they disagree with ideologically.
Business feuds – Businesses can use DDoS attacks to strategically take down competitor websites, e.g., to keep them from participating in a significant event, such as Cyber Monday.
Boredom – Cyber vandals, a.k.a. “script-kiddies”, use prewritten scripts to launch DDoS attacks. The perpetrators of these attacks are typically bored, would-be hackers looking for an adrenaline rush.
Extortion – Perpetrators use DDoS attacks, or the threat of DDoS attacks, as a means of extorting money from their targets.
Cyber warfare – Government-authorized DDoS attacks can be used to cripple both opposition websites and an enemy country’s infrastructure.