3 Questions to the Expert and 3 answers that explain complex phenomena in a simple way.
I had the pleasure of meeting with Magda Zabrocka once again – this time our conversation focused on DDoS attacks. I truly appreciate these kinds of exchanges – insightful, to the point, and always grounded in mutual respect for each other’s expertise. It’s more than just a conversation – it’s a sharing of perspectives between two different worlds: cybersecurity and psychology.
What should we know about how a DDoS attack works? And how can companies protect themselves?
I warmly invite you to read our short conversation, part of the “3 Questions to the Expert” series – 3 answers that explain complex phenomena in a simple way. Episode #8 – “DDoS – and how can companies protect themselves?”
Anna Modrzewska: Magda, there’s a lot happening in the news, and one thing I find particularly interesting is its impact on X (formerly known as Twitter). Have you heard about it?
Magda Zabrocka: I think you’re referring to the recent outage on the platform? It was caused by a DDoS attack.
Anna Modrzewska: DDoS – what is that?
Magda Zabrocka: A Distributed Denial-of-Service (DDoS) attack is a deliberate cyberattack designed to disrupt services by overwhelming a network with excessive traffic. This flood of connections overloads the system, causing websites to crash. Attackers use multiple sources—compromised devices, servers, and internet connections—to maximize their chances of success.
There are several types of DDoS attacks:
Volumetric attacks – These use botnets to flood a target with junk data, consuming bandwidth and leading to a denial of service.
Protocol attacks – These exploit vulnerabilities in network protocols, preventing proper connection establishment and keeping ports busy, ultimately shutting down the server.
Application-layer attacks – These mimic legitimate HTTP requests, overwhelming the server by forcing it to respond to a massive number of requests.
Fragmentation attacks – These send oversized data packets that the system struggles to reassemble, causing it to fail.
Anna Modrzewska: In simple terms, how does it work and how can companies protect themselves?
Magda Zabrocka: Too many requests sent simultaneously can max out a system’s bandwidth, making it unable to respond to new requests. The attack succeeds when users can no longer load the website or access services.
DDoS attacks are currently one of the top four cybersecurity threats, becoming increasingly common due to the availability of “DDoS as a Service.” Attackers need a network of compromised devices—known as a botnet—to launch an attack. Hackers infect computers, laptops, and mobile phones with malware, gaining remote control over them. Since these devices appear legitimate, detecting an incoming DDoS attack is extremely difficult. Protection is based on detecting whether traffic is legitimate, which is a challenge. One of the best defenses is to establish a baseline for network traffic to differentiate normal activity from suspicious spikes. However, this is difficult for global platforms like X, where high traffic can occur at unpredictable times.
Some common defense strategies include:
Blackhole routing – Redirecting malicious traffic to a null destination. However, this can also affect legitimate users.
Rate limiting – Restricting the number of requests a server can handle. While this may slow down real users, it prevents the server from crashing entirely.
Despite these measures, even large, advanced companies like X struggle to defend against highly organized attacks, such as the one recently conducted by the hacktivist group The Dark Storm.
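Editor's note: the baseline-versus-spike defense Magda describes, and the reason per-device traffic "appears legitimate", can be shown in a few lines of code. The script below is an added illustration, not part of the conversation; all traffic in it is constructed sample data, and the 3-sigma threshold is an assumed tuning value.

```python
"""Baseline-and-spike detector for request volume (added illustration).
All traffic below is constructed sample data, not real logs."""
from collections import Counter
from statistics import mean, pstdev

# Constructed per-minute request logs: minute -> list of (source_ip, count).
# Minutes 0-9 are quiet baseline traffic from five known clients;
# minutes 10-11 are a distributed flood: many new sources, each modest.
NORMAL = {m: [(f"10.0.0.{i}", 40 + (m * 7 + i) % 15) for i in range(1, 6)]
          for m in range(10)}
FLOOD = {10: [(f"198.51.100.{i}", 12) for i in range(1, 201)],
         11: [(f"203.0.113.{i}", 15) for i in range(1, 251)]}
TRAFFIC = {**NORMAL, **FLOOD}


def per_minute_totals(traffic):
    """Sum requests per minute across all sources."""
    return {m: sum(c for _, c in rows) for m, rows in traffic.items()}


def build_baseline(totals, minutes):
    """Mean and population std-dev of totals over the given quiet minutes."""
    values = [totals[m] for m in minutes]
    return mean(values), pstdev(values)


def flag_spikes(totals, baseline, k=3.0):
    """Minutes whose total exceeds mean + k*std are flagged as suspicious."""
    mu, sigma = baseline
    threshold = mu + k * sigma
    return sorted(m for m, t in totals.items() if t > threshold)


def source_profile(rows):
    """Distinct sources and the busiest source's share of the minute's traffic.
    A distributed flood has many sources with a tiny top share, which is why
    a per-source rate limit alone does not stop it."""
    counts = Counter()
    for ip, c in rows:
        counts[ip] += c
    total = sum(counts.values())
    top_share = max(counts.values()) / total if total else 0.0
    return len(counts), round(top_share, 3)


if __name__ == "__main__":
    totals = per_minute_totals(TRAFFIC)
    baseline = build_baseline(totals, range(10))
    for m in flag_spikes(totals, baseline):
        print(f"minute {m}: {totals[m]} requests,"
              f" (sources, top share) = {source_profile(TRAFFIC[m])}")
```

Each flagged minute shows hundreds of sources with a top share under 1%, whereas a quiet minute has five sources with one of them near 20%; the spike is visible only in the aggregate, which is the point of keeping a baseline.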