DDoS (Distributed Denial of Service)

An attack that floods a website, server, or network with traffic from thousands of sources simultaneously, overwhelming it and making it unavailable to legitimate users.

A DDoS attack (Distributed Denial of Service) overwhelms a target with traffic from many sources at once, making it unavailable. Unlike other cyberattacks that aim to steal data, DDoS attacks aim to disrupt. The “distributed” part means the traffic comes from thousands of compromised devices (a botnet), making it difficult to block by IP address alone.

How DDoS Attacks Work

  1. An attacker builds or rents a botnet: a network of devices infected with malware (computers, IoT devices, servers)
  2. The botnet is directed to flood the target with traffic simultaneously
  3. The target’s servers, bandwidth, or application layer become saturated
  4. Legitimate users can no longer access the service

Modern DDoS attacks can generate traffic volumes exceeding 1 Tbps. Even smaller attacks can take down unprepared targets.

Types of DDoS

  • Volumetric: Floods bandwidth with massive traffic (UDP floods, DNS amplification). The most common type.
  • Protocol: Exploits weaknesses in network protocols to exhaust server resources (SYN floods, Ping of Death).
  • Application layer: Targets specific services (HTTP floods that look like legitimate web requests). Harder to detect because each request appears normal.

Impact on Businesses

  • Revenue loss: Every minute of downtime costs money, especially for e-commerce and SaaS
  • Reputation damage: Customers lose trust if services are repeatedly unavailable
  • Distraction: DDoS attacks are sometimes used as cover while attackers breach systems through other vectors
  • Extortion: Ransom DDoS (RDDoS) threatens an attack unless payment is made

Protection

  • Firewall and rate limiting: A first line of defense that can filter obvious attack traffic and limit request rates.
  • CDN/DDoS protection services: Cloudflare, AWS Shield, or Akamai absorb and filter attack traffic before it reaches your servers.
  • Traffic analysis: Behavioral monitoring to distinguish attack traffic from legitimate spikes.
  • Anycast routing: Distributes traffic across multiple data centers, preventing any single point from being overwhelmed.
  • Incident plan: Have a documented response plan, including contact details for your hosting provider and DDoS mitigation service.
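
The sketch below is an added example, not part of the original page. It shows why per-IP rate limiting needs to be paired with traffic analysis: it classifies one-second windows of request events and counts how many requests a per-IP limit alone would drop. The thresholds, function names, and sample traffic are assumptions constructed for the illustration.

```python
from collections import Counter, defaultdict

PER_IP_LIMIT = 20   # assumed: requests one source may send per window
TOTAL_LIMIT = 200   # assumed: requests per window the service normally sees
WINDOW_SECONDS = 1

def classify_windows(events, per_ip_limit=PER_IP_LIMIT, total_limit=TOTAL_LIMIT):
    """events: iterable of (unix_ts, source_ip).
    Returns {window_start: (label, total, distinct_sources, dropped_by_per_ip_limit)}."""
    windows = defaultdict(Counter)
    for ts, ip in events:
        start = int(ts) // WINDOW_SECONDS * WINDOW_SECONDS
        windows[start][ip] += 1
    verdicts = {}
    for start in sorted(windows):
        per_ip = windows[start]
        total = sum(per_ip.values())
        # Requests a per-IP rate limit would reject in this window.
        dropped = sum(max(0, n - per_ip_limit) for n in per_ip.values())
        if dropped:
            label = "single-source"   # at least one source exceeds its own limit
        elif total > total_limit:
            label = "distributed"     # every source looks normal, the sum does not
        else:
            label = "normal"
        verdicts[start] = (label, total, len(per_ip), dropped)
    return verdicts

def sample_events():
    """Constructed traffic for three consecutive one-second windows."""
    events = []
    # t=100: ordinary load, 50 clients sending 2 requests each
    events += [(100.0, f"198.51.100.{c}") for c in range(50) for _ in range(2)]
    # t=101: one client sends 300 requests
    events += [(101.0, "203.0.113.7")] * 300
    # t=102: 1000 sources send 3 requests each, all below the per-IP limit
    events += [(102.5, f"10.{c // 250}.{c % 250}.1")
               for c in range(1000) for _ in range(3)]
    return events

if __name__ == "__main__":
    for start, verdict in classify_windows(sample_events()).items():
        print(start, verdict)
```

In the third window the per-IP limit drops nothing even though total load is fifteen times the expected ceiling, which is the case that aggregate monitoring or an upstream mitigation service has to catch.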

DDoS in Switzerland

Swiss financial institutions, government services, and e-commerce platforms are regular targets. The BACS has reported increasing DDoS activity tied to geopolitical events, with attacks often coinciding with political decisions or international summits hosted in Switzerland.