DDoS Attack

DDoS Attack (Distributed Denial-of-Service Attack)

A DDoS attack is a large-scale cyberattack designed to disrupt online services by overwhelming them with traffic from multiple sources.

Definition

A Distributed Denial-of-Service (DDoS) attack is a malicious attempt to make a server, website, or network unavailable by flooding it with excessive requests from numerous distributed devices. These devices are typically part of a botnet: compromised computers or IoT systems controlled remotely by an attacker. Once the flood exceeds the target system’s processing or bandwidth capacity, legitimate user requests cannot be handled, resulting in slowdowns or complete outages. DDoS attacks are commonly used in cybercrime, competitive disruption, and as part of broader attack strategies against web infrastructure.

Pros

  • Can expose scalability limits and weaknesses in network infrastructure
  • Used in controlled environments for stress testing and resilience evaluation
  • Helps improve anti-bot and traffic filtering systems when analyzed
  • Provides data for training AI-based anomaly detection models

Cons

  • Causes service downtime, leading to financial and reputational damage
  • Consumes bandwidth and server resources, degrading performance
  • Difficult to mitigate due to distributed and often legitimate-looking traffic
  • May be used to distract from other attacks like data breaches
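The following detection sketch is an added example, not part of the original entry. It shows why distributed, legitimate-looking traffic is hard to mitigate: a per-source rate limit catches one noisy client but misses a flood spread across many sources, which only a check on total volume against a rolling baseline reveals. The thresholds, function names and sample events (documentation-range addresses) are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

WINDOW = 10          # seconds per counting window (assumed)
PER_IP_LIMIT = 20    # requests one source may send per window (assumed)
SURGE_FACTOR = 5.0   # total above this multiple of the baseline is a surge (assumed)
MIN_HISTORY = 3      # windows required before the baseline is trusted


def analyze(events):
    """events: iterable of (unix_seconds, source_ip). Returns one dict per window."""
    buckets = defaultdict(Counter)
    for ts, ip in events:
        buckets[int(ts) // WINDOW][ip] += 1
    if not buckets:
        return []
    history, results = [], []
    for w in range(min(buckets), max(buckets) + 1):
        per_ip = buckets[w]
        total = sum(per_ip.values())
        baseline = sum(history) / len(history) if history else 0.0
        surge = len(history) >= MIN_HISTORY and total > SURGE_FACTOR * baseline
        results.append({
            "window": w, "total": total, "sources": len(per_ip),
            # what a classic per-source rate limiter would act on
            "over_limit": sorted(ip for ip, n in per_ip.items() if n > PER_IP_LIMIT),
            # what only an aggregate view can see
            "surge": surge,
        })
        if not surge:  # keep flood windows out of the baseline
            history.append(total)
    return results


def sample_events():
    """Constructed traffic: 5 steady clients, one noisy client, one distributed flood."""
    events = []
    for w in range(5):
        for c in range(5):
            events += [(w * WINDOW + i, f"192.0.2.{c}") for i in range(3)]
    events += [(20 + i % WINDOW, "203.0.113.9") for i in range(25)]
    events += [(40 + i, f"198.51.100.{n}") for n in range(200) for i in range(2)]
    return events


if __name__ == "__main__":
    for row in analyze(sample_events()):
        print(row)
```

In the constructed data, the window containing the flood has 205 sources and no source over the per-IP limit, yet its total is far above the baseline.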

Use Cases

  • Cybercriminals disrupting websites or APIs to extort businesses
  • Attackers targeting anti-bot systems or CAPTCHA endpoints to bypass protections
  • Competitors attempting to degrade availability of online services
  • Security teams simulating traffic floods to test DDoS mitigation strategies
  • Botnet operators leveraging infected devices for coordinated attack campaigns