The aim is to interrupt normal operation of the application or site, so it appears offline to any visitors.

“A DDoS puts so much traffic in the queue that your browser thinks the site is offline, and gives up,”

To do this attackers build, or buy, a large enough “Zombie network” or botnet to take out the target. Botnets traditionally consisted of consumer or business PCs, conscripted into the network through malware. More recently, internet of things devices have been co-opted into botnets.

“If we look at the DynDNS attack of 2016, one of the largest DDoS attacks to date, the attack occurred in phases,” says Allen.

“It first appeared in a single region and then expanded to a concerted global effort from millions of computers that had been breached and turned into a botnet.”

“UDP amplification gives threat actors asymmetric DDoS power,” he tells The Daily Swig. “The most recently discovered UDP amplification attacks can magnify the traffic of one host by a factor of 10,000 or more. When combined with traditional botnets, this gives attackers enough DDoS power to affect ISPs.”

A botnet attack is believed to hold the current DDoS record, flooding Russian tech giant Yandex with nearly 22 million HTTP requests per second in 2021 – a technique called HTTP pipelining.

This eclipsed the previous record held by a memcached UDP amplification attack – which doesn’t need botnets – since 2018. It notched 1.7tbps of bandwidth.

/Postwinger/