DDoS
A cyber attack in which thousands of compromised devices send huge numbers of requests to a target system to overwhelm it and make it unavailable.
DDoS (Distributed Denial of Service) attacks are among the most common and feared cyber threats. In 2025 over 15 million DDoS attacks were recorded worldwide – and the trend is rising. A successful DDoS can take down websites, APIs and entire IT infrastructures for minutes to days and causes average costs of €20,000–40,000 per hour of downtime. The good news: with the right preparation and modern protection, DDoS attacks can be effectively mitigated.
What is DDoS?
A DDoS attack is a cyber attack in which an attacker uses a network of compromised devices (botnet) to overwhelm a target with a flood of requests. Unlike a simple DoS (from one machine), DDoS traffic comes from thousands to millions of distributed sources, making defence much harder. Types include volumetric attacks (e.g. UDP flood) that saturate bandwidth, protocol attacks (e.g. SYN flood) that exhaust server resources, and application-layer attacks (e.g. HTTP flood) targeting web apps. Modern attacks often combine all three.
How does DDoS work?
The attacker first builds a botnet – compromised computers, IoT devices (cameras, routers) or cloud instances. A command-and-control server triggers the attack. All bots send requests to the target at once; volumetric attacks can reach several terabits per second. The target server or upstream network is overloaded and legitimate users cannot reach the service. Modern attacks use amplification (e.g. DNS amplification) where small requests trigger large responses and multiply attack traffic.
Practical Examples
The 2016 Mirai botnet used hundreds of thousands of IoT devices and took down DNS provider Dyn – Twitter, Netflix, Reddit and Spotify were unreachable for hours.
A German online shop is hit with a 50 Gbit/s attack during Black Friday week – thanks to Cloudflare DDoS Protection the shop stays up and the attack is mitigated.
A competitor hires DDoS-as-a-Service for €50 and takes down a rival’s site for hours – a growing form of cybercrime.
A gaming server is hit with an application-layer attack on resource-heavy API endpoints and the database is overwhelmed.
A bank defends against a multi-vector attack: volumetric UDP flood plus targeted HTTP flood on the login page – only multi-layer defence succeeds.
Typical Use Cases
Website protection: CDN and WAF protect public sites from overload
API protection: Rate limiting and anomaly detection protect APIs from layer-7 DDoS
Infrastructure protection: Network-level DDoS mitigation at cloud and hosting providers
Gaming & streaming: Protection for real-time services that are attractive DDoS targets
Finance: Multi-layer DDoS defence for regulated, high-availability platforms
Advantages and Disadvantages
Advantages
- Modern DDoS services detect and filter attacks automatically within seconds
- CDN-based protection absorbs attack traffic across a global network
- ML-based detection increasingly distinguishes legitimate traffic from attacks
- Always-on protection: Services like Cloudflare or AWS Shield protect continuously
- Scalable defence: Cloud mitigation scales with attack volume
Disadvantages
- Cost: Enterprise DDoS protection can cost several thousand euros per month depending on bandwidth and level
- No 100% guarantee: Very large or novel attacks can overwhelm even professional services briefly
- Latency: Mitigation proxies can slightly increase response time for legitimate users
- False positives: Aggressive filtering can block legitimate users or bots
Frequently Asked Questions about DDoS
How can I protect against DDoS attacks?
What does a DDoS attack cost a company?
Are DDoS attacks illegal?
Related Terms
Want to use DDoS in your project?
We are happy to advise you on DDoS and find the optimal solution for your requirements. Benefit from our experience across over 200 projects.