{
	"id": "55c23b9c-b4e6-4b3f-beaf-7057f7d5dcb3",
	"created_at": "2026-04-06T00:07:01.868412Z",
	"updated_at": "2026-04-10T13:11:20.600784Z",
	"deleted_at": null,
	"sha1_hash": "6c1ffb4fac541fcbf8c9b2ee3f309893951a7c9f",
	"title": "Distributed Denial-of-Service (DDoS)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 55166,
	"plain_text": "Distributed Denial-of-Service (DDoS)\r\nArchived: 2026-04-05 22:00:56 UTC\r\nA tool favored by many threat actors, Distributed Denial-of-Service (DDoS) attacks seek to make a targeted\r\nmachine or network resource unavailable to its users. They use overwhelming amounts of traffic, such as\r\nincoming messages, connection requests, and malformed packets. This substantially slows the system, or forces it\r\nto crash.\r\nIn this article, we explore how DDoS attacks work, types of DDoS attacks, and their damaging impact. We also\r\nprovide tips on how to prepare for, prevent, and respond to a DDoS attack.\r\nHow Distributed Denial of Service Attacks Work\r\nTo accomplish this, a distributed denial-of-service attack uses a botnet. A botnet is a network of computers\r\ncontrolled by malware. It sends requests to the target’s IP address. The use of botnets distinguishes DDoS attacks\r\nfrom DoS (Denial-of-Service) attacks. In a DoS attack, overloading traffic is sent from only one attacking\r\nmachine. Botnets make attacks appear to come from multiple devices and locations. This makes them difficult to\r\ndefend against.\r\nDDoS activity is seeing a major increase. Sources state that over six million attacks were observed in 2022 H1.\r\nOrganizations should also be aware that this trend will likely continue. This is because botnets are becoming more\r\npublicly available via crimeware. This allows an individual to rent DDoS capabilities via illicit marketplaces. It\r\nenables low-skilled individuals or groups to perform more complex attacks. Threat actors can also use\r\nvulnerability exploits to conduct DDoS attacks.\r\nTypes of DDoS Attacks\r\nIn general, there are three types of DDoS attacks: application layer attacks, network layer attacks, and volumetric\r\nattacks. Organizations should also be aware that DDoS attacks can be achieved by exploiting the vulnerabilities\r\naffecting their IT resources. 
Modern attacks use a variety of DDoS tools, like booters or stressors. Tactics can be\r\nused alone, or combined for more complex, multi-vector attacks.\r\nApplication Layer Attacks\r\nThe application layer of a network connection is where a server creates a response to a request. For example,\r\nloading a webpage in response to a user entering an HTTP request in their browser. Application layer attacks make\r\nrepeated requests to overwhelm the server. These attacks are categorized as “layer 7.”\r\nNetwork Layer Attacks\r\nNetwork layer attacks focus on an earlier stage in a network connection. They exhaust server resources like\r\nfirewalls or routing engines. For example, an attacker may overwhelm a target server with SYN packets. These\r\nhttps://www.flashpoint-intel.com/blog/wirex-botnet-industry-collaboration/\r\nPage 1 of 4\n\npackets are used to start a secure connection between two computers. These attacks are categorized as “layer 4,”\r\nwhich denotes attacks at the transport layer such as TCP.\r\nVolumetric Attack\r\nVolumetric attacks overwhelm the target server’s bandwidth. They usually do this by making repeated queries to\r\nan open domain name system (DNS) resolver using the target’s own IP address. In other words, the attacker makes\r\nmultiple requests to DNS resolvers. This makes it look like they’re coming from the target server.\r\nThe Impact of DDoS Attacks\r\nAny business or industry can be at-risk of a DDoS attack. This is because most organizations have internet-facing\r\nwebsites or assets. Furthermore, DDoS attacks can cause lengthy shutdowns and downtime. This can result in\r\nmajor financial losses, customer dissatisfaction, and reputational loss. According to Imperva, the average attack\r\ncan cost victims around $500,000 total or $40,000 per hour of downtime.\r\nDDoS attacks can also cause data loss. They can mask other cybercriminal activities that could breach the target’s\r\nsecurity. 
More serious attacks can prompt civil unrest or be considered a type of warfare. These are attacks\r\nleveraged by advanced persistent threat (APT) groups. An example is the Russia-Ukraine War, where Russian\r\nhackers DDoS’d Ukrainian government portals and banking websites days before the invasion. According to\r\nKaspersky, DDoS attack volumes have increased 4.5 times since the conflict first began.\r\n“In Q1 2022 we witnessed an all-time high number of DDoS attacks. The upward trend was largely\r\naffected by the geopolitical situation… Some of the attacks we observed lasted for days and even weeks,\r\nsuggesting that they might have been conducted by ideologically motivated cyberactivists. We’ve also\r\nseen that many organizations were not prepared to combat such threats.”\r\nALEXANDER GUTNIKOV, KASPERSKY\r\nIn addition, it is reported that the sophisticated and powerful DDoS tools developed for the war are being adopted\r\nby other threat actors worldwide.\r\nDDoS Attack Targets\r\nIn 2023, analysts observed a large increase in DDoS attacks on various industries. Major tech companies have\r\nreported on reducing the largest DDoS attacks in 2023. Cloudflare reported that automatically identified and\r\nreduced DDoS attacks have increased by 65 percent in Q3. Computers and servers were the top targets for DDoS\r\nattacks, accounting for 92 percent of attacks carried out. Attack length and frequency decreased by 55 percent.\r\nHowever, attack size grew exceptionally by 233 percent.\r\nIn August 2023, a major search engine detected and successfully reduced a DDoS attack. It peaked at 398 million\r\nrequests per second. This attack has been one of the largest DDoS attacks conducted so far. Another large tech\r\ncompany also reported an unusual increase in HTTP/2 requests. 
This peaked at 155 million requests per second in\r\nlate August.\r\nSteps to Prevent DDoS Attacks\r\nOne out of five companies with over 50 employees have been a victim of at least one DDoS attack. The\r\nproliferation of DDoS means that attempts against your organization may occur—but there are still some\r\nstrategies you can use to proactively identify, or prevent and minimize damage from an attack:\r\n1. Monitor network traffic for abnormal activities. This includes unexpected traffic influxes, traffic\r\noriginating from suspicious locations, slow servers, or even an increase in spam emails—signs that an\r\nattack could be imminent.\r\n2. Plan an attack response proactively. This could involve simulation testing or establishing procedures for\r\nIT personnel and other impacted stakeholders in the event of an attack.\r\n3. Filter legitimate traffic from DDoS traffic by using mitigation strategies like black hole routing, rate\r\nlimiting, or a web application firewall.\r\n4. Identify exploitable vulnerabilities using tools like Flashpoint’s VulnDB. In addition to disrupting traffic,\r\nattacks may also leverage vulnerabilities within an organization’s applications. Having\r\ncomprehensive vulnerability intelligence allows organizations to patch vulnerabilities before they’re\r\nexploited.\r\n5. Track publicly-available websites, like paste bins, social media, or forums, for conversations that may\r\nindicate a potential attack. Specialized open source intelligence tools like Echosec allow users to uncover\r\nhidden threats on a variety of sources, like the dark web.\r\n6. Stay informed on the latest malware trends. Threat actors are constantly finding new ways to\r\ncompromise their victims. Staying up-to-date on malware strains such as Mirai, Meris, and Androxgh0st is\r\ncritical. 
Therefore, using a comprehensive source of threat intelligence is vital.\r\nStay Prepared with Flashpoint\r\nIndustry research shows that DDoS attacks are not only on the rise, but their approaches are becoming more\r\nsophisticated. While the Russia-Ukraine war is primarily responsible for this, these types of attacks\r\nwill continue to plague organizations. However, organizations do have tools and strategies that can help them\r\nmitigate the risk that DDoS attacks can introduce. Request a demo to gain visibility into threat actor channels and\r\nactivity.\r\nFrequently Asked Questions (FAQ)\r\nQ: What is a DDoS attack and what is a botnet?\r\nA: A DDoS attack makes a targeted network resource unavailable by overwhelming it with requests. It achieves\r\nthis by using a botnet, which is a network of compromised computers that send traffic from multiple locations,\r\nmaking the attack difficult to defend against.\r\nQ: What are the three main types of DDoS attacks?\r\nA: The three main types are Application Layer Attacks (which overwhelm the server’s response process, or Layer\r\n7), Network Layer Attacks (which exhaust server resources like firewalls, or Layer 4), and Volumetric Attacks\r\n(which overwhelm the target’s network bandwidth).\r\nQ: How does Flashpoint intelligence help organizations prevent DDoS risks?\r\nA: Flashpoint helps by providing vulnerability intelligence (VulnDB) to patch exploited flaws used to launch\r\nattacks. Flashpoint also offers Open Source Intelligence (OSINT) tools to track public and illicit forums for threat\r\nactor chatter that may indicate an imminent attack.\r\nSource: https://www.flashpoint-intel.com/blog/wirex-botnet-industry-collaboration/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.flashpoint-intel.com/blog/wirex-botnet-industry-collaboration/"
	],
	"report_names": [
		"wirex-botnet-industry-collaboration"
	],
	"threat_actors": [],
	"ts_created_at": 1775434021,
	"ts_updated_at": 1775826680,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6c1ffb4fac541fcbf8c9b2ee3f309893951a7c9f.pdf",
		"text": "https://archive.orkl.eu/6c1ffb4fac541fcbf8c9b2ee3f309893951a7c9f.txt",
		"img": "https://archive.orkl.eu/6c1ffb4fac541fcbf8c9b2ee3f309893951a7c9f.jpg"
	}
}