Distributed denial-of-service (DDoS) is considered one of the ‘original’ network-based cyberattacks, and for good reason. One of the earliest known DDoS attacks occurred 20 years ago and was targeted at the University of Minnesota. It used a script that caused more than 100 computers to send junk packets out to the network, which overwhelmed it and knocked out the university computer. With the success of this attack, it was not long before we saw copycat attacks against websites like Yahoo, Amazon and CNN.
Fast forward to 2019 and DDoS is still here. We’ve seen some large-scale attacks in the ensuing years, with some of the more famous ones including Spamhaus in 2013, the massive GitHub outage in 2018 and the attack on DNS provider Dyn, which used the Mirai botnet and took Twitter, Netflix, CNN, Reddit and many other big-name sites offline. These attacks targeted network services and were broad in their effect.
More recently, we’ve seen a shift as attackers move away from simply sending out broadcast traffic for massive disruption toward more complex and targeted attacks operating at the application layer of the network, with the ability to take down specific applications or services. These attacks are harder to detect because the traffic looks legitimate, but they can be more damaging because the end result is loss of business due to application unavailability.