Skip to Content
Threats and Attacks

What is a DDoS attack?

A DDoS (Distributed Denial of Service) attack tries to take down a website, application or network by flooding it with a huge volume of fake requests at once, coming from thousands of infected devices. The goal is not to steal data, but to knock the service offline: overwhelmed, the system slows down or becomes unreachable for real customers. It is the digital equivalent of a crowd blocking a store's entrance so no real customer can get through.

Zamak TechnologiesUpdated on July 10, 2026

How a DDoS attack works

A DDoS does not exploit a password or a coding flaw: it abuses a physical limit, the service's capacity to handle requests. The attack is built in four stages.

1

Build the attack network

The criminal infects thousands of computers, routers and connected cameras with malware, forming a remotely controlled network called a botnet.

2

Aim at the target

They pick the address of the victim's website, application or network and program the entire botnet to hit it at the same time.

3

Flood

The thousands of devices fire fake requests in bulk. The volume consumes the network capacity, the memory or the connections of the server.

4

Take it down

With no spare capacity, the service slows down or goes offline. Real customers cannot get in, and every minute down turns into lost revenue and reputational strain.

Source: N-able Cyber Encyclopedia and Cloudflare (DDoS Threat Report).

Signs you may be under a DDoS attack

  • The site or system suddenly became slow or unreachable, with nothing changed on your side
  • An unusual traffic spike coming from one region, country or device type
  • The outage concentrates on one specific service (a form, a login page, an API)
  • The hosting or network provider flags bandwidth usage far above normal
  • The instability returns in waves, with spikes rising and falling rather than a single failure

The three types of DDoS attack

  • Volumetric The most common: floods the connection with a massive volume of traffic (measured in bits per second) until it exhausts the available bandwidth, like a fire hose aimed at a cup.
  • Protocol Exploits how connections are established, for example opening thousands of half-open connections (SYN flood) to exhaust the memory of servers and firewalls.
  • Application layer The most sophisticated: sends requests that look legitimate to a specific part of the site (a search, a login) to bring the application down with far less traffic, which makes it hard to tell the attack from real use.

Why DDoS is a real risk to your business

+121%
rise in the number of DDoS attacks over 2025 (Cloudflare, DDoS Threat Report 2025)
5,376
DDoS attacks blocked per hour, on average, in 2025 (Cloudflare)
31.4 Tbps
the largest DDoS attack ever recorded, concentrated in just 35 seconds, in late 2025 (Cloudflare)

DDoS has stopped being a niche threat and become an industrial-scale problem. Over the course of 2025, one of the world's largest network providers recorded a 121% rise in the number of DDoS attacks, reaching an average of 5,376 attacks blocked per hour, and the largest of them hit 31.4 terabits per second, a volume able to take down almost any unprotected service, concentrated in just 35 seconds. For a company, the damage is rarely stolen data: it is unavailability. An online store offline, a stuck order system or an unreachable customer portal mean lost sales, halted operations and customers who move to a competitor, not to mention DDoS being used as a smokescreen to hide another attack in progress. Because it depends on high-capacity network infrastructure, this is one of the threats where specialized protection makes the biggest difference.

How to protect the company against DDoS attacks

You cannot stop a criminal from launching the attack, but you can absorb the impact before it reaches your server. The layers, in the order that protects most:

  1. Specialized DDoS protection at the edgeA mitigation service with a distributed network absorbs and filters the attack traffic far from your infrastructure, before it reaches the server.
  2. Application filter (WAF)An application firewall separates the legitimate request from the fake one, essential against application-layer attacks, which mimic real use.
  3. Capacity and redundancySpreading the service across more than one point and keeping spare capacity prevents a single server from absorbing all the impact.
  4. Continuous traffic monitoringAn operations center watching traffic in real time recognizes the abnormal spike and triggers mitigation in the first minutes, when it matters most.
  5. A rehearsed response planKnowing in advance who triggers mitigation and how to communicate with customers turns a scare into an orderly response, not a scramble.

In practice

The question that reveals the exposure: if your main site went offline right now under a flood of fake traffic, how long would it take for someone to notice, and is there a service at the edge today to absorb the attack before it reaches your servers?

How Zamak protects your company's availability

Zamak Technologies treats availability as part of security, not an infrastructure detail. DDoS protection combines edge mitigation, an application filter and continuous monitoring by a security operations center, so the spike of malicious traffic is absorbed before it reaches the systems that keep operations running. Since every minute offline has a concrete cost, a good starting point is the downtime cost calculator, which shows in numbers what an outage means for your business.

Frequently asked questions about DDoS

What is the difference between DoS and DDoS?
In a DoS (denial of service) attack, the flood comes from a single source. In a DDoS (distributed denial of service), it comes from thousands of devices at once, usually a botnet. DDoS is much harder to block precisely because there is no single address to stop: the traffic arrives from all sides.
Does a DDoS attack steal company data?
Generally, no. The goal of DDoS is unavailability, taking the service offline, not stealing information. The added risk is that DDoS can be used as a smokescreen: while the team rushes to restore the service, another attack tries to break into the network unnoticed.
Are small companies a target for DDoS?
Yes. With botnets and attack services rented for little money, taking down a small company's site has become cheap. Competitors, extortion and activism are common motives, and smaller businesses tend to have less protection, which makes them easy targets.
Does a regular firewall protect against DDoS?
Not much. A traditional firewall can itself be taken down by the attack, because it has a finite capacity for connections. Effective DDoS protection happens at the network edge, with a specialized service that absorbs and filters the traffic before it reaches your infrastructure.
How long does a DDoS attack last?
It ranges from seconds to days. The largest recorded attacks lasted less than a minute, but were intense enough to take down unprotected services. Others stretch on for hours in waves. That is why mitigation must be automatic and continuous, not a manual reaction.
How do I know if I am under attack or just seeing a traffic spike?
A legitimate spike usually has a reason (a campaign, a news story) and a coherent origin pattern. A DDoS appears with no apparent cause, with traffic concentrated in one region or device type and aimed at a specific point. Continuous monitoring is what tells the two apart in real time.

Related terms

Endpoint and Identity
MFAPAM (privileged access)SSO (single sign-on)
Detection and Response
EDRMDRXDRMITRE ATT&CKSIEMSOC (security operations center)
Network and Access
ZTNAFirewallVPNSASE
Governance and Compliance
LGPDISO 27001SOC 2NIST CSFShadow ITCyber maturity assessmentHIPAAPCI DSSGDPRCMMCCIS ControlsISO 42001 (AI management)NIST AI RMFNIST 800-171FTC SafeguardsISO 27701 (privacy)FedRAMPGRC (governance, risk, compliance)vCIOvCISO
Concepts and Fundamentals
Deep webZero TrustDefense in depthAttack surfaceEndpointLeast privilege
AI and Security
Shadow AIAI governancePrompt injectionOWASP LLM Top 10Deepfake