DDoS (or a distributed denial of service) attack is an attempt to make service delivery impossible.  Basically, it’s blocking access to whatever target is chosen: devices, servers, networks and even particular transactions within applications. DoS (denial of service) happens when one system is sending disruptive data or requests; a DDoS – is an attack coming from multiple sources.
In simple words, we are talking about flooding a targeted system with data requests. Either it’s a server requesting a web-page so many times that it crashes, or it’s a database drowned in a “tsunami” of queries. Internet bandwidth, RAM and CPU simply cannot handle such an overload. This can result in a range of consequences from minor disruptions to websites or even companies experiencing total internet shutdown.


The engine of any DDoS attack is a botnet. A botnet is a network of hundreds (or even thousands) “zombies” or “bots” – machines infected by a hacker with malware through phishing, malvertising, and other mass cybercrime techniques. It can even be your home PC or CCTV camera in your office. Continuing to work as usual these systems might be recruits of a malicious botnet.

“Zombie” machines wait in standby mode until a command from the main server (so-called “command-and-control server”, which is often also a hacked machine) launches an attack. Bots engage multiple attempts to access the target, which is of course a normal practice, but because there is an enormous amount of them, the targeted system soon gets overwhelmed.

Taking into account that it is done by ordinary computers spread across the web, it is very difficult or impossible to cut off their traffic without blocking the rest of fully entitled users simultaneously


  • Spoofing

Changing IP packet header information that tells you where it’s from. If a victim cannot detect the real source of attack, it cannot be blocked.

  • Reflection

IP address is spoofed in a way that it looks like it’s coming from the victim. A compromised packet is sent to a third-party system, which “replies” back to the victim.

It is very hard to detect the real source of the attack reflected in such a way.

  • Amplification

Victims are tricked into replying with very large or multiple packets.

Using all three techniques in one attack (called reflection/amplification DDoS) is an increasing trend among modern hackers.


The 2007 Estonia attack

April, 2007. Estonia is hit with a large-scale DDoS attack of government services, financial institutions, and media. As an early adopter of online government (even elections were online) Estonia experienced a heave impact, that was a response to a political conflict with Russia over the relocation of World War II monument. This case is considered to be the first known act of cyber warfare.

The 2017 Google attack

September, 2017. The biggest DDoS attack ever hit Google services in a scale of 2.54 Tbps.

Spoofed packets were sent to 180,000 web servers, which responded to Google. It was a peak of a 6 months period of multiple DDoS attacks targeted at Google’s infrastructure. Google Cloud acknowledged the attack only in October 2020.

The 2022 Russia-Ukraine cyber warfare

February 24. Since the date of invasion to the territory of Ukraine, Russia has launched a series of cyber-attacks against internet and infrastructure services of Ukraine.

Reportedly Ukraine is successfully defending with such cases of counteroffensive as massive DDoS attacks against Roscosmos (Russian space agency) and Rostec

(Russian aerospace and defense conglomerate).

  • IT services