DDoS — Distributed Denial of Service
A Distributed Denial of Service (DDoS) attack disrupts the availability of a target system, service, or network by overwhelming it with a flood of traffic from multiple distributed sources. DDoS attacks are one of the most common and visible forms of cyberattack, targeting the availability dimension of the CIA triad.
Types of DDoS Attacks
- Volumetric attacks flood the target's network bandwidth with massive amounts of traffic, often using amplification techniques that multiply the attack traffic through intermediary services
- Protocol attacks exploit weaknesses in network protocol implementations (such as SYN floods or fragmented packet attacks) to exhaust server resources or intermediate equipment like firewalls and load balancers
- Application-layer attacks target specific applications with seemingly legitimate requests designed to exhaust server processing capacity, making them harder to distinguish from normal traffic
DDoS as a Smokescreen
DDoS attacks are sometimes used as a distraction while a more targeted intrusion occurs elsewhere in the environment. While the security team focuses on mitigating the visible DDoS, the attacker conducts data exfiltration, deploys ransomware, or establishes persistence through a separate attack vector. Incident response teams should always investigate whether a DDoS event is masking other malicious activity.
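An added example (not from this page or from IR-OS) tying the application-layer attack type above to the smokescreen point: it flags sources whose request rate in web-server log lines crosses a threshold, then lists the other alerts that fired during the flood window so responders can check them for a parallel intrusion. The log format, log lines, alerts and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EPOCH = datetime(1970, 1, 1)  # fixed reference so bucketing ignores the local timezone

# Constructed sample web-server log lines: "<client ip> <ISO timestamp> <request>".
LOG_LINES = [
    "198.51.100.7 2024-05-01T10:00:00 GET /",
    "203.0.113.5 2024-05-01T10:00:01 GET /search?q=a",
    "203.0.113.5 2024-05-01T10:00:01 GET /search?q=b",
    "203.0.113.5 2024-05-01T10:00:02 GET /search?q=c",
    "203.0.113.5 2024-05-01T10:00:02 GET /search?q=d",
    "198.51.100.9 2024-05-01T10:00:03 GET /about",
    "203.0.113.5 2024-05-01T10:00:03 GET /search?q=e",
]

# Constructed sample alerts from other sensors: (ISO timestamp, description).
ALERTS = [
    ("2024-05-01T09:30:00", "failed admin login from 192.0.2.10"),
    ("2024-05-01T10:00:03", "large outbound transfer from db-01"),
    ("2024-05-01T11:00:00", "new scheduled task on web-02"),
]

def parse_line(line):
    ip, ts, request = line.split(" ", 2)
    return ip, datetime.fromisoformat(ts), request

def find_flood_sources(lines, window_seconds=10, threshold=5):
    """Return {ip: peak count} for sources making >= threshold requests in one window."""
    buckets = defaultdict(int)
    for line in lines:
        ip, ts, _ = parse_line(line)
        buckets[(ip, int((ts - EPOCH).total_seconds()) // window_seconds)] += 1
    flagged = defaultdict(int)
    for (ip, _), count in buckets.items():
        if count >= threshold:
            flagged[ip] = max(flagged[ip], count)
    return dict(flagged)

def alerts_during_flood(lines, flagged, alerts, margin_minutes=15):
    """Other alerts raised while the flagged sources were active (plus a margin):
    the ones to check for a separate intrusion hiding behind the flood."""
    stamps = [parse_line(l)[1] for l in lines if parse_line(l)[0] in flagged]
    margin = timedelta(minutes=margin_minutes)
    start, end = min(stamps) - margin, max(stamps) + margin
    return [a for a in alerts if start <= datetime.fromisoformat(a[0]) <= end]

def triage(lines=LOG_LINES, alerts=ALERTS):
    flagged = find_flood_sources(lines)
    return flagged, (alerts_during_flood(lines, flagged, alerts) if flagged else [])
```

The per-source rate threshold is deliberately simple; real application-layer floods often spread across many sources, so production detection also tracks aggregate request rate per endpoint.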
DDoS Response Considerations
Effective DDoS mitigation combines pre-positioned defenses with real-time response. Organizations should have DDoS mitigation services in place before an attack occurs -- cloud-based scrubbing services, CDN-based protection, or ISP-level filtering. During an active DDoS, the incident commander must coordinate between the mitigation provider, internal network operations, and business stakeholders to manage impact and communications. Post-incident, the after-action review (AAR) should assess whether the attack was standalone or part of a broader campaign.
DDoS and Business Impact
The business impact of DDoS depends on the organization's dependence on the targeted services. For e-commerce companies, even minutes of downtime translate directly to lost revenue. For critical infrastructure, DDoS can disrupt essential services. For all organizations, DDoS events create customer-facing impact that requires communications management. The incident response plan should include DDoS-specific communication templates and escalation procedures pre-positioned for rapid deployment.
Coordinate DDoS response across teams
IR-OS provides DDoS response playbooks and coordinates communication between mitigation providers, network ops, and business stakeholders.