Why do people ddos

Content on WhatAnswers is provided "as is" for informational purposes. While we strive for accuracy, we make no guarantees. Content is AI-assisted and should not be used as professional advice.

Last updated: April 8, 2026

Quick Answer: People launch DDoS attacks primarily for financial gain, political activism, or competitive advantage. In 2023, Cloudflare reported a 79% year-over-year increase in DDoS attacks, with the largest attack reaching 71 million requests per second. The average cost of a DDoS attack to businesses is estimated at $218,000 according to Kaspersky Lab's 2022 report. These attacks often exploit botnets of compromised devices, with the Mirai botnet in 2016 demonstrating how vulnerable IoT devices can be weaponized.

Key Facts

DDoS attacks increased 79% year-over-year in 2023 according to Cloudflare
The largest recorded DDoS attack in 2023 reached 71 million requests per second
Average business cost of a DDoS attack is $218,000 (Kaspersky Lab 2022)
The Mirai botnet attack in 2016 infected over 600,000 IoT devices
DDoS attacks can last from minutes to weeks, with the longest recorded attack lasting 38 days

Overview

Distributed Denial of Service (DDoS) attacks represent a significant cybersecurity threat where attackers overwhelm target systems with excessive traffic from multiple sources. The concept dates back to the late 1990s, with one of the first major attacks occurring in February 2000 when a 15-year-old Canadian student launched attacks against major websites including Amazon, eBay, and Yahoo, causing millions in damages. The evolution of DDoS attacks accelerated with the rise of botnets in the early 2000s, where attackers could control thousands of compromised computers simultaneously. By 2016, the Mirai botnet demonstrated how vulnerable Internet of Things (IoT) devices could be weaponized, infecting over 600,000 devices and launching attacks exceeding 1 terabit per second. Today, DDoS attacks have become increasingly sophisticated, with attackers employing multiple vectors simultaneously and leveraging cloud infrastructure to amplify their impact.

How It Works

DDoS attacks operate by flooding target systems with more traffic than they can handle, typically using three main methods: volumetric attacks that consume bandwidth, protocol attacks that exploit server resources, and application layer attacks that target specific applications. Attackers often use botnets—networks of compromised devices infected with malware—to generate attack traffic. These botnets can range from thousands to millions of devices, including computers, smartphones, and IoT devices like security cameras and routers. Attackers employ amplification techniques using protocols like DNS, NTP, and SSDP to multiply their attack power, where a small request generates a much larger response directed at the target. The attack process typically involves reconnaissance to identify vulnerabilities, weaponization of devices through malware infection, command and control through centralized servers, and execution of coordinated attacks that can last from minutes to weeks.

Why It Matters

DDoS attacks have significant real-world consequences, with financial losses averaging $218,000 per attack according to Kaspersky Lab's 2022 data. Beyond financial damage, these attacks can disrupt critical infrastructure, including healthcare systems, financial services, and government operations. The 2016 Dyn attack, which originated from the Mirai botnet, disrupted major websites including Twitter, Netflix, and Reddit, affecting millions of users. DDoS attacks also serve as smokescreens for more sophisticated cyberattacks, allowing criminals to steal data while security teams are distracted. The growing threat has led to increased investment in DDoS protection services, with the global market expected to reach $4.7 billion by 2025 according to MarketsandMarkets research.