Explainer: What is a DDoS cyberattack and how to know when it happens

The more the world is getting connected digitally, the more the risks of cybercrime have increased. In this article, we will focus on a specific type of cyberattack called the DDoS (pronounced ‘D-DOS’). First, you must be curious as to what this term means, which is a cross between initialism and an acronym and frankly, could be construed as both. Let’s try to understand.
What is meant by ‘DDoS’
DDoS stands for Distributed Denial of Service. In other words, a ‘denial of service’ to the regular online traffic of a particular website or service. In this type of cyberattack, the cyber perpetrators send a huge chunk of data over an online network/service/server to overwhelm it, to basically bring it down or make it stop functioning. When we say a huge chunk of data, we mean an enormous amount of internet traffic from a variety of sources. Once the online network/service/server is down and/or the infrastructure around the targeted server is affected, hackers can easily get into the system they want to use for their own gains.
Understanding what the hackers are trying to do
Imagine the regular online traffic to be like that on a busy road on a certain day. Now suppose someone managed (hypothetically) to introduce hundreds of vehicles at a certain point (the huge chunk of unexpected online traffic or the attack traffic), what would happen? The path would be so clogged that the regular online traffic would not be able to reach its destination (the intended server). This is what a DDoS attack does.
How does a DDoS cyberattack work
Hackers first send malware onto the network of computers/systems/IoT devices they wish to target. The devices get infected with the malware and they then naturally become a part of the infected network and function individually as Bots (or Zombies). The entire compromised network is called a Botnet.
Once the network of infected devices or a Botnet is built, the path for the hackers to exploit the devices is open and they can remotely control each Bot (or the malware-infected device) in the network. Now, each Bot sends requests to the target IP address, thus having a high chance of overwhelming it, which causes a denial-of-service’ to the regular online traffic. Since each Bot is a part of the victim’s own network of devices and a registered one, it is quite difficult to identify and separate the attack traffic from the regular traffic.
How to know if you are a victim of a DDoS attack
Whenever a website or an online service suddenly slows down or crashes, there are chances it has been targeted with a DDoS attack. Now, since the site can slow down or become unavailable due to a spurt in the regular traffic as well and also due to some other causes, online traffic analysis tools can help identify some of the classic signs of a DDoS attack. A few of these include huge surges in traffic from users with a single behavioral profile (like location, a particular device or web browser version), unusual and suspicious online traffic coming from a single IP address or IP range, an unexplained surge in requests for a single page or endpoint , sudden spikes in traffic at odd hours or at certain fixed time intervals, etc. We will discuss the various counter measures taken in our upcoming article.