A DDoS (distributed denial of service) is a type of attack on computer systems with the deliberate aim of making them unavailable. This can have far-reaching economic consequences for the victim. Unlike a straightforward DoS attack, in case of DDoS the system is attacked by many distributed computers. The attack can occur at the network level, application level or at a combination of both. These attacks generally involve the use of botnets (a huge number of « hijacked » systems that can be controlled remotely by the attacker) or misconfigured third party systems (for example Open DNS Resolver), which were forced by the attackers to send huge replies to the « wrong » addresses, namely to the target (amplification attacks). The data volume often reaches several hundred gigabits. Generally, a single organisation cannot cope with volumes of this size without external assistance. Firewalls and IPS (intrusion prevention systems) that have been configured accordingly offer limited assistance only.
The motivation behind such DDoS attacks is mostly political activism, extortion or damaging competitors.
An inaccessible website could mean a substantial financial loss for the website owner, especially if the attacked website is commercial. A DDoS attack is often accompanied by a monetary claim. The blackmailer demands money for stopping an existing attack or for not starting it. The fraudsters speculate that the victim pays to prevent negative consuequences derived from such an attack.
Effects and risks
- Any organisation can be hit by a DDoS attack
- Outage of the website
- Loss of reputation
- Loss of money