What is a DDoS attack?
A DDoS attack (Distributed Denial of Service) is an attack in which a large number of systems simultaneously flood a network, server or application with traffic. This overloads the systems and makes them unreachable for legitimate users.
DDoS attacks are among the most common forms of cyber incidents and can have serious consequences for availability, service delivery and reputation.
🎯 Examples of DDoS attacks
| Category | Examples |
|---|---|
| Volumetric | Attack with vast amounts of traffic (e.g. via UDP flood, ICMP flood) |
| Protocol attack | Abuse of network protocols such as SYN flood or Ping of Death |
| Application-layer attack | Targeted at web servers or APIs, for example via HTTP GET flood |
| Botnet-based | Attack carried out via thousands of infected IoT devices or Mirai bots |
| OT-specific | Overload of HMI servers or network segments within SCADA environments |
🧯 When is something a DDoS attack?
A DDoS attack is typically recognised by:
- A sudden overload or unavailability of services
- Unexplained spikes in incoming network traffic
- Reduced performance or time-outs in ICS applications
- Monitoring and logging tools alerting on repeated connection attempts
🔁 DDoS vs. other network incidents
| DDoS attack | Other network outages |
|---|---|
| Deliberate and externally caused | Often caused by internal errors or faults |
| Coordinated from multiple sources | A single system or segment involved |
| Aimed at overloading | Aimed at disruption or failure |
| Often part of a broader attack campaign | Usually an isolated incident |
🔐 What to do during a DDoS attack?
- Detect peak traffic via SIEM or Firewall logging
- Analyse the source, type and impact of the traffic
- Implement mitigation via anti-DDoS services or network filtering
- Communicate internally and with your ISP or SOC
- Document the attack characteristics and lessons learned
- Prevent recurrence with improved network architecture and throttling
🏭 Specifically in OT environments
- Loss of control over HMI or Historian
- Delayed or failed connection to PLCs via industrial gateways
- Overload of Remote Access servers or VPN gateways
- Unavailability of monitoring dashboards in the production environment
📌 In summary
A DDoS attack is a deliberate attempt to make a system or network unreachable through massed traffic from multiple sources. Protection starts with early detection, segmentation and collaboration with network providers or anti-DDoS services.