Why do ddos attack

Content on WhatAnswers is provided "as is" for informational purposes. While we strive for accuracy, we make no guarantees. Content is AI-assisted and should not be used as professional advice.

Last updated: April 8, 2026

Quick Answer: DDoS attacks overwhelm target systems with excessive traffic to disrupt services, often using botnets of compromised devices. In 2023, Cloudflare reported a 79% increase in DDoS attacks, with the largest reaching 71 million requests per second. These attacks can cost businesses up to $50,000 per hour in downtime and are frequently used for extortion, hacktivism, or competitive disruption.

Key Facts

DDoS attacks increased 79% globally in 2023 according to Cloudflare
The largest recorded DDoS attack in 2023 reached 71 million requests per second
Average DDoS attack duration is 4-6 hours but can last days
DDoS attacks can cost businesses $40,000-$50,000 per hour in downtime
Approximately 33% of all downtime incidents are caused by DDoS attacks

Overview

Distributed Denial of Service (DDoS) attacks represent a significant cybersecurity threat where attackers flood target systems with excessive traffic to disrupt normal operations. The concept dates back to 1999 when the first major DDoS attack targeted University of Minnesota, knocking 227 systems offline. By 2000, high-profile attacks against Yahoo!, eBay, and Amazon demonstrated the commercial impact. The evolution accelerated with the 2007 attacks against Estonian government systems, marking state-sponsored use. Today's landscape includes sophisticated attacks like the 2016 Mirai botnet that exploited 600,000 IoT devices to launch attacks exceeding 1 Tbps. The global DDoS protection market reached $4.7 billion in 2023, reflecting growing defense needs against these increasingly common threats that affect organizations worldwide regardless of size or sector.

How It Works

DDoS attacks operate through three primary mechanisms: volumetric attacks flood networks with traffic exceeding bandwidth capacity; protocol attacks exploit server resources through malformed packets; application-layer attacks target specific applications with seemingly legitimate requests. Attackers typically use botnets—networks of compromised devices like computers, IoT devices, or servers—controlled remotely. The attacker sends commands to these botnets to simultaneously target a victim's IP address. Common techniques include DNS amplification (reflecting small queries into large responses), SYN floods (exploiting TCP handshake), and HTTP floods (overwhelming web servers). Modern attacks often combine multiple vectors in multi-vector assaults that bypass basic defenses. Attackers frequently use reflection techniques that hide their identity by bouncing traffic off legitimate servers, making attribution difficult while maximizing impact.

Why It Matters

DDoS attacks have substantial real-world consequences beyond temporary service disruption. Financial institutions can lose millions during trading hours, while e-commerce sites suffer direct revenue loss and customer trust erosion. Critical infrastructure attacks, like the 2015 Ukrainian power grid incident, demonstrate risks to public safety. The average cost of a DDoS attack exceeds $120,000 for small businesses and millions for enterprises when considering remediation, lost revenue, and reputation damage. Beyond financial motives, DDoS serves political purposes (hacktivism), competitive sabotage, or as distraction while other cybercrimes occur. The rise of DDoS-for-hire services has democratized access, with prices starting at just $5 per hour, making these attacks accessible to non-technical actors and increasing overall threat frequency across all sectors.