Back to blog

Follow and Subscribe

The History of DDoS

Natalie Lightner

Senior Content Marketing Manager

David King

Product Marketing Manager, Security, Fastly

Distributed denial of service (DDoS) attacks aim to disrupt services by overwhelming systems and wreaking havoc on daily business operations - crashing their servers and preventing legitimate traffic (consumers) from accessing information and services. When successful, these attacks have enormous financial impacts; consider the average organization’s reliance on their website(s) to generate or support revenue. Any downtime can severely impact a business, resulting in lost customer loyalty, a negative user experience, damaged reputation, and most importantly, lost revenue. 

The frequency of these attacks is only increasing. In 2023, Verizon’s DBIR noted that the attack is “responsible for more than 50% of incidents analyzed this year.” Today, DDoS attacks remain one of the most disruptive and prevalent attacks in the cybersecurity space. These attacks are increasing in size, sophistication, and frequency, demanding that organizations take proper precautions and efforts to counteract and prevent them.

The origins of DDoS

So how did these pesky attacks come to be?  

What we recognize as a DDoS attack today stemmed from a 1974 experiment by a teenager at the University of Illinois - before the advent of the internet! A student successfully ran a program that crashed all of the terminals on a shared learning platform. While this initial experiment was not malicious in nature, it set the foundation for DDoS attacks today: the exercise introduced the idea of overwhelming a system in an effort to take it down/crash it.

In the 90s, DDoS attacks became common, with attackers sending massive ‘junk’ files to organizations, overloading and flooding organizations’ online presence. Because these attacks required great financial contributions from attackers, the efforts were brief, yet crippling. These earliest DDoS attacks were considered massive in scale, though today, the frequency and size of these attacks are routine. In response, organizations were forced to operate with enormous bandwidth in order to combat them (to prevent them from overloading their bandwidth). 

The 2000 Michael “Mafiaboy” Calce attack against CNN, Yahoo, Amazon, and more set the new standard for DDoS: he successfully generated a huge amount of fake traffic to servers and altered the encryption of standard network protocols in order to remain undetected. The scale, ease, and effectiveness of these attacks set a new precedent.

In the decades since, the sophistication and frequency of this cyberattack have grown exponentially, prompting organizations to take serious consideration and measures to counteract them – because it is no longer a question of if, but when, an org will face a DDoS attack.

DDoS Today 

The impact of distributed, disruptive attacks has never been greater as more organizations, across all industries, modernize towards software-driven operations. No matter the size of the enterprise or its software architecture, applications, and APIs running on the public internet are susceptible to application-level DDoS attacks by motivated attackers that can slow their services, inflate cloud expenses, or, worse, take business-critical and revenue-generating systems offline. Organizations need modern scalable solutions to mitigate the risk of DDoS attacks before they ever happen.

The advent of 5G and IoT has introduced yet another attack vector; the lack of IoT security and the increased bandwidth of 5G (high bandwidth, low latency), provide easier targets for this type of attack. 5G networks, in an effort to achieve low latency, operate on a distributed network architecture with many points of access. This, combined with the increasing number of connected (IoT) devices and growing reliance on open source applications, has effectively expanded the attack surface for DDoS. 

Today, the majority of DDoS attacks follow a ‘low and slow’ approach, with a barrage of smaller attacks slowly chipping away at an organization’s performance and availability. No longer is a massive DDoS event the only concern - orgs should be prepared for both an event of massive scale and for a more likely battery of smaller attacks.

Catching and mitigating these smaller attacks can be challenging, as they often are too small to even register as an attack on an organization’s security tooling. Orgs need a sophisticated solution that can identify not only obvious traffic spikes but also effectively identify and mitigate these more subtle DDoS efforts.

How Fastly can help

As organizations increasingly move toward a DevSecOps approach to security - wherein platform engineering teams are brought into tasks traditionally managed by security teams - they need solutions that require minimal tuning, or hands-on security expertise. A solution should easily align with an org’s specific needs, flexibly scaling to address DDoS for the largest organizations down to the smallest startup. When a solution like Fastly’s DDoS Protection doesn’t require fine-tuning, security teams have more time to dedicate to security challenges that require their expertise.

Fastly DDoS Protection rapidly deploys and automatically protects against disruptive and distributed threats, effortlessly maintaining the performance and availability of your applications and APIs. Everyone is susceptible to a DDoS attack; with Fastly DDoS Protection, anyone can flip a switch and enable immediate protection - whether it’s the platform engineer with little to no security expertise, an organization experiencing an enormous attack, or a company hindered by the ‘low and slow’ DDoS tactic, Fastly has got you covered!