15 May 2021

What Is a DDoS Attack?


One of the most important types of cyber attack to examine is the denial of service attack, abbreviated DoS, or DDoS in its distributed form. A DDoS attack is an effective type of cyber attack that aims to prevent legitimate users from using a target system. This class of attack does not attempt to infiltrate a system or obtain sensitive information; its sole aim is to prevent legitimate users from accessing the system. Information security's CIA triad (Confidentiality, Integrity, and Availability) names availability as one of the three pillars of security, and a DDoS attack directly targets this principle by making a service unavailable.

What Is a DDoS Attack?

DDoS stands for Distributed Denial of Service. In a DDoS attack, the attacker uses multiple compromised devices — often spread across many different geographic locations — to simultaneously flood a target system, server, or network with traffic, overwhelming its capacity and preventing legitimate requests from being processed.

Unlike a simple DoS (Denial of Service) attack, which originates from a single source, a DDoS attack is distributed across many sources. This distributed nature makes it much harder to defend against, since simply blocking one IP address has no meaningful effect on the overall attack volume. The traffic sources in a DDoS attack are typically compromised machines that form part of a botnet — a network of infected devices controlled by the attacker without the knowledge of their owners.
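
The following added example (not from the original article) illustrates the point above from the defender's side: a per-source limit removes a single-source flood but leaves a distributed one untouched, so detection has to look at aggregate load and the number of distinct sources. The addresses, the per-source limit of 20 requests per second and the capacity of 1000 requests per second are constructed assumptions.

```python
from collections import Counter

PER_IP_LIMIT = 20   # assumed per-source limit, requests per second
CAPACITY = 1000     # assumed server capacity, requests per second


def sources(count, rate, net):
    """Constructed one-second window: `count` source IPs, each sending `rate` requests."""
    return [f"10.{net}.{i // 250}.{i % 250 + 1}"
            for i in range(count) for _ in range(rate)]


def assess(window, per_ip_limit=PER_IP_LIMIT, capacity=CAPACITY):
    """Block sources over the per-IP limit, then check the load that remains."""
    counts = Counter(window)
    blocked = {ip for ip, n in counts.items() if n > per_ip_limit}
    remaining = sum(n for ip, n in counts.items() if ip not in blocked)
    return {
        "total": len(window),                    # requests seen in the window
        "sources": len(counts),                  # distinct source addresses
        "blocked": len(blocked),                 # sources caught by the per-IP limit
        "remaining": remaining,                  # load left after blocking them
        "still_overloaded": remaining > capacity,
        # Share of traffic from the busiest source: near 1 for DoS, near 0 for DDoS.
        "top_source_share": round(max(counts.values()) / len(window), 4),
    }


# Constructed sample traffic (not real captures).
LEGIT = sources(50, 2, net=1)            # 100 req/s of normal traffic
DOS = LEGIT + sources(1, 5000, net=2)    # flood from a single source
DDOS = LEGIT + sources(2000, 5, net=3)   # flood spread over 2000 low-rate sources

if __name__ == "__main__":
    for name, window in (("DoS", DOS), ("DDoS", DDOS)):
        print(name, assess(window))
```

In the distributed case every source stays under the per-IP limit, so the useful signals are the total request rate against capacity and the jump in distinct sources rather than any single address.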

How Does a DDoS Attack Work?

The attacker first builds or rents access to a botnet — a collection of compromised computers, servers, IoT devices, or other internet-connected systems that have been infected with malware and can be remotely controlled. When the attack is launched, the attacker instructs all of these devices to send traffic to the target simultaneously.

The target system — which may be a web server, DNS server, network infrastructure device, or an entire network — becomes overwhelmed with more requests or traffic than it can process. Its resources (CPU, memory, bandwidth, connection tables) are exhausted, and it is no longer able to respond to legitimate users. From the perspective of those users, the service appears to be unavailable or extremely slow — the denial of service has been achieved.

Types of DDoS Attacks

DDoS attacks can be broadly categorised by the layer of the OSI model they target. Volumetric attacks (Layer 3/4) aim to saturate the bandwidth of the target or its upstream providers with massive amounts of traffic — examples include UDP floods, ICMP floods, and amplification attacks such as DNS amplification and NTP amplification. Protocol attacks (Layer 4) exploit weaknesses in network protocols to consume server or network device resources — SYN floods are a classic example. Application layer attacks (Layer 7) target web servers and applications with requests that appear legitimate but are designed to exhaust server resources — HTTP floods and Slowloris attacks fall into this category.

Consequences of a DDoS Attack

The consequences of a DDoS attack depend on the target and its criticality. For an e-commerce website, even a short period of unavailability can mean significant revenue loss and reputational damage. For critical infrastructure — hospitals, financial institutions, telecommunications providers, government services — a DDoS attack can have far more serious consequences. DDoS attacks are also sometimes used as a distraction, keeping security teams occupied while a more targeted intrusion takes place elsewhere in the network.
