What is a DDoS attack?
A distributed denial-of-service (DDoS) attack targets websites and servers by disrupting network services.
DDoS attacks defined
A DDoS attack targets websites and servers by disrupting network services in an attempt to exhaust an application’s resources. The perpetrators behind these attacks flood a site with errant traffic, resulting in poor website functionality or knocking it offline altogether. These types of attacks are on the rise.
DDoS attacks are wide-reaching, targeting all sorts of industries and company sizes worldwide. Certain industries, such as gaming, ecommerce, and telecommunications, are targeted more than others. DDoS attacks are some of the most common cyberthreats, and they can potentially compromise your business, online security, sales, and reputation.
How DDoS attacks work
During a DDoS attack, a series of bots, or botnet, floods a website or service with HTTP requests and traffic. Essentially, multiple computers storm one computer during an attack, pushing out legitimate users. As a result, service can be delayed or otherwise disrupted for a length of time.
It’s possible that hackers can also infiltrate your database during an attack, accessing sensitive information. DDoS attacks can exploit security vulnerabilities and target any endpoint that is publicly reachable through the internet.
Denial-of-service attacks can last hours, or even days. These cyber assaults can also cause multiple disruptions throughout a single attack. Both personal and business devices are susceptible to them.
Types of DDoS attacks
DDoS attacks fall under three primary categories: volumetric attack, protocol attack, and resource layer attack.
- A volumetric attack overwhelms the network layer with what, initially, appears to be legitimate traffic. This type of attack is the most common form of DDoS attack. An example of a volumetric attack is DNS (Domain Name Server) amplification, which uses open DNS servers to flood a target with DNS response traffic.
- A protocol attack causes a service disruption by exploiting a weakness in the layer 3 and layer 4 protocol stack. One example of this is a synchronized or SYN attack, which consumes all available server resources.
- A resource (or application) layer attack targets web application packets and disrupts the transmission of data between hosts. Examples of this type of attack include HTTP protocol violations, SQL injection, cross-site scripting, and other layer 7 attacks.
Cyber-attackers might use one or multiple types of attacks against a network. For instance, an attack might start off as one class of attack and then morph into or combine with another threat to wreak havoc on a system.
Additionally, there are a variety of cyberattacks within each category. The number of new cyberthreats is on the rise, and expected to climb, as cybercriminals become more sophisticated.
If you suspect your network is under attack, it’s important that you act fast—on top of downtime, a DDoS attack can leave your organization vulnerable to other hackers, malware, or cyberthreats.
How to detect and respond to a DDoS attack
While there’s no one way to detect a DDoS attack, there are a few signs your network is under assault:
- You see a surge in web traffic, seemingly out of nowhere, that’s coming from the same IP address or range.
- You experience slow or irregular network performance.
- Your website, online store, or other service goes completely offline.
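The first sign in the list above, a surge from one IP address or range, can be checked directly against web server access logs. The following is an added example, not part of the original page or any Microsoft product: it groups requests by client range per time window and flags a range whose count jumps well above its own earlier average. The log format (common log format), the /24 and /64 range widths, the thresholds, and the sample log are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')  # common log format prefix

def parse(line):
    """Return (ip, timestamp) for one access-log line, or None if it is malformed."""
    m = LINE_RE.match(line)
    try:
        return (ipaddress.ip_address(m.group(1)),
                datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"))
    except (AttributeError, ValueError):
        return None

def prefix_of(ip):
    """Group a client into its range: /24 for IPv4, /64 for IPv6 (assumed widths)."""
    return ipaddress.ip_network(f"{ip}/{24 if ip.version == 4 else 64}", strict=False)

def find_surges(lines, window_s=60, factor=5.0, min_requests=20):
    """Flag windows where one range sends far more than its own earlier average."""
    buckets = defaultdict(Counter)            # window index -> range -> request count
    for ip, ts in filter(None, map(parse, lines)):
        buckets[int(ts.timestamp()) // window_s][prefix_of(ip)] += 1
    first, seen, alerts = min(buckets, default=0), Counter(), []
    for b in sorted(buckets):
        elapsed = b - first                   # earlier windows, empty ones included
        for prefix, count in buckets[b].items():
            baseline = seen[prefix] / elapsed if elapsed else 0.0
            # The first window never alerts: there is no history to compare against.
            if elapsed and count >= min_requests and count > factor * max(baseline, 1.0):
                start = datetime.fromtimestamp(b * window_s, tz=timezone.utc)
                alerts.append((start, str(prefix), count, baseline))
        seen.update(buckets[b])
    return alerts

def sample_log():
    """Constructed sample: steady background, light prior use, then a one-minute burst."""
    fmt = '{} - - [10/Mar/2024:12:{:02d}:{:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format(f"198.51.100.{10 + s % 3}", m, s)
             for m in range(5) for s in range(0, 60, 6)]          # 10 requests/minute
    lines += [fmt.format("203.0.113.9", m, 30) for m in range(4)]  # 1 request/minute
    lines += [fmt.format(f"203.0.113.{1 + s % 8}", 4, s) for s in range(60)]  # burst
    return lines

if __name__ == "__main__":
    for start, prefix, count, baseline in find_surges(sample_log()):
        print(f"{start:%H:%M} {prefix}: {count} requests, baseline {baseline:.1f}/window")
```

Because the baseline is each range's own history, the steady 198.51.100.0/24 traffic in the sample is not flagged even though it sends more requests overall than 203.0.113.0/24 did before the burst.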
Modern software solutions can help determine potential threats. A network security and monitoring service can alert you to system changes so that you can respond quickly.
You also want to have a DDoS-attack action plan—with defined roles and procedures—so your team can take swift and decisive action against these threats. It’s important to remember that not all DDoS attacks are the same; you’ll need different response protocols in place to mitigate different attacks.
How to prevent DDoS attacks
Before a cyberthreat is on your radar, you’ll want to have a process in place for handling one. Preparedness is key to promptly detecting and remedying an attack.
Here are suggestions for putting together an action plan:
- Develop a denial-of-service defense strategy to help detect, prevent, and reduce DDoS attacks.
- Identify gaps in security and assess potential threats to your setup.
- Update any protection software or technology and ensure it’s working correctly.
- Get your team on board and assign roles in the event of an attack.
It’s essential that you boost your efforts with products, processes, and services that help you secure your business. That way, once a threat is detected, your team is knowledgeable and empowered to act on it.
DDoS protection
Guard your network against future attacks. To help secure your business:
- Conduct a risk analysis on a regular basis to understand which areas of your organization need threat protection.
- Organize a DDoS-attack response team whose focus is to identify and mitigate attacks.
- Incorporate detection and prevention tools throughout your online operations, and train users on what to look out for.
- Evaluate the effectiveness of your defense strategy—including running practice drills—and determine next steps.
DDoS attack protection comes in many forms—from online resources to monitoring software to threat-detection tools. Learn how to thwart malicious attacks with the help of industry-leading, trusted Microsoft security experts.
Minimize your risk of a DDoS attack
Through securing your clouds and platforms, integrated security tools, and rapid response capabilities, Microsoft Security helps stop DDoS attacks across your entire organization.
Secure your organization online
Cyberthreats like DDoS attacks and malware can harm your website or online service, and negatively affect functionality, customer trust, and sales.
Detect, defend, and secure your organization. With integrated threat protection products and expert resources, you can better protect your business, online operations, and sensitive data.
Stay vigilant against threats
DDoS attacks are prevalent and cost businesses anywhere from thousands to even millions of dollars a year. With proper planning, solid resources, and trusted software, you can help minimize your risk of attack.
Stop security breaches
Stay two steps ahead. Protect against threats across devices—and identities, apps, email, data, and cloud workloads—and learn how to close gaps. Secure your platforms, get leading security tools, and empower rapid response.
Embrace Zero Trust
Adapt to the complexity of the modern environment. Adopt Zero Trust solutions to inform your strategy and gain important insights.
Develop a strategy
Secure your organization. Create a DDoS defense strategy to detect and prevent malicious threats from harming your operation online.
Frequently asked questions
-
When it comes to a DDoS attack, any size organization—from small to large and every size in between—is susceptible to cyberattacks. Even AWS thwarted a major attack in 2020.
Businesses with security gaps or vulnerabilities are especially at risk. Make sure you have updated security resources, software, and tools to get ahead of any potential threats. It’s essential for all businesses to protect their websites against DDoS attacks.
-
An example of a DDoS attack would be a volumetric attack, one of the largest categories of DDoS attacks. In this type of attack, a cybercriminal overwhelms a website with illegitimate traffic. As a result, the website might slow down or stop working, edging out real users who are trying to access the site.
On top of slow or otherwise disrupted service, DDoS attacks can negatively affect online security, brand trust, and sales.
-
No, a firewall alone is typically not enough to stop a DDoS attack. A firewall acts as a protective barrier against some malware and viruses, but not all of them. A firewall is helpful in protecting your computer against cyberthreats but can only offer so much protection. Therefore, it’s important that you incorporate other threat detection, prevention, and protection tools.
-
Cybersecurity refers to the people, software, tools, and processes that go into protecting networks, computers, and other cyberspace operations. This expansive field aims to protect users from malicious, illegal, or unauthorized access, as well as thwart DDoS attacks, malware, and viruses.
-
A DDoS attack can last anywhere from a couple of hours to a couple of days. One attack might last four hours, while another might last a week (or longer). DDoS attacks can also happen once or repeatedly over a period of time and consist of more than one type of cyberattack.
-
An Application Layer 7 attack is an example of a resource (application) layer attack. This type of cyber assault targets the top layer in the OSI (Open Systems Interconnection) model, targeting web application packets to disrupt the transmission of data between hosts.