5 Myths About DDoS Attacks and Protection

Debunking common myths about DDoS

Distributed denial-of-service (DDoS) attacks come in many shapes and sizes, as do the myths surrounding them. These myths can center on motivations, DDoS attack vectors and techniques, mitigation strategies, and more. DDoS myths are also sometimes more dangerous than the attacks themselves because the misconceptions can leave organizations vulnerable to other types of cyberattacks, misguide mitigation strategies, or cause teams to miss attacks altogether. Let's look at five of the top myths regarding DDoS attacks and protection and debunk them.

Myth 1: DDoS attacks are uncommon, only target large corporations, and are carried out by sophisticated threat actors

In reality, DDoS attacks are very common, targeting businesses of all types and sizes. According to NETSCOUT’s ASERT research team, there were more than 15 million DDoS attacks worldwide in 2024. This level of activity shows that the threat of DDoS is alive and well, making defensive measures a must for companies of all shapes and sizes.

Although nation-states carry out their own sophisticated DDoS attacks, many attacks are carried out through low-cost or even free DDoS-for-hire services that utilize global botnets or groups of compromised devices. Often, those requesting DDoS-for-hire attacks are not sophisticated hackers but are acting on geopolitical events, going after companies, individuals, or infrastructure that go against their interests.

DDoS attacks do not always target corporate networks. They often target infrastructure or key services, such as power grids, to profoundly impact the general population.

Myth 2: DDoS attacks only involve flooding networks with large amounts of traffic

In the early days of DDoS, the vast majority of attacks were large traffic floods. However, DDoS attacks have evolved over time, becoming more surgically targeted and complex. The media continues to report on the largest, most shocking attacks that are terabits per second in size, reinforcing this common misconception. Although these large-scale attacks are still dangerous, the majority of smaller attacks, under 1 Gbps, are equally dangerous, targeting application-layer services such as the Domain Name System (DNS) and HTTP.

In 2024, ASERT noted a 43 percent increase in smaller application-layer attacks compared with 2023, showing that these targeted assaults are rising in popularity. This is because many DDoS protection services provided by internet service providers (ISPs) and other cloud protection solutions look for large volumetric attacks and disregard the smaller attacks, which are passed on to the customer. Unless networks have some level of DDoS protection in place, these smaller attacks are more likely to be successful and can cause issues for businesses and their customers.

Transmission Control Protocol (TCP) state-exhaustion attacks are another common type of smaller attack. They specifically target stateful on-premises devices such as firewalls, load balancers, virtual private network (VPN) gateways, and more, and fill their state tables with bogus connections, blocking legitimate users from accessing areas of the network.
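
A monitoring sketch for the state-exhaustion condition described above, added here as an illustration and not taken from NETSCOUT or any product. It assumes a simplified conntrack-style table dump (constructed below with documentation-range addresses), a hypothetical table size of 40 entries, and illustrative alert thresholds.

```python
import re
from collections import Counter

HALF_OPEN = {"SYN_SENT", "SYN_RECV"}  # handshake never completed
ENTRY = re.compile(
    r"^tcp\s+\d+\s+\d+\s+(?P<state>[A-Z_0-9]+)\s+src=(?P<src>\S+)\s+"
    r"dst=(?P<dst>\S+)\s+sport=\d+\s+dport=(?P<dport>\d+)"
)

def build_sample(half_open):
    """Constructed table dump: 6 real sessions plus `half_open` stalled ones."""
    lines = [
        f"tcp 6 431990 ESTABLISHED src=192.0.2.{10 + i} dst=203.0.113.5 "
        f"sport={40000 + i} dport=443"
        for i in range(6)
    ]
    lines += [
        f"tcp 6 58 SYN_RECV src=198.51.100.{i + 1} dst=203.0.113.5 "
        f"sport={1024 + i} dport=443"
        for i in range(half_open)
    ]
    return lines

def assess(lines, table_max, util_warn=0.8, half_open_warn=0.5):
    """Summarise state-table pressure; thresholds are illustrative."""
    entries = [m.groupdict() for m in map(ENTRY.match, lines) if m]
    stalled = [e for e in entries if e["state"] in HALF_OPEN]
    utilization = len(entries) / table_max
    ratio = len(stalled) / len(entries) if entries else 0.0
    targets = Counter((e["dst"], int(e["dport"])) for e in stalled)
    return {
        "utilization": round(utilization, 2),
        "half_open_ratio": round(ratio, 2),
        "distinct_sources": len({e["src"] for e in stalled}),
        "top_target": targets.most_common(1)[0] if targets else None,
        "alert": utilization >= util_warn and ratio >= half_open_warn,
    }

if __name__ == "__main__":
    print("baseline:", assess(build_sample(0), table_max=40))
    print("pressure:", assess(build_sample(30), table_max=40))
```

The alert keys on table occupancy and the share of half-open entries rather than on bits per second, which is why a bandwidth-only threshold would not register this condition.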

Myth 3: Next-generation firewalls can stop DDoS attacks

Next-generation firewalls (NGFWs) are powerful devices that can greatly improve your overall security stance. However, their stateful design makes them vulnerable to several types of DDoS attacks, especially state-exhaustion attacks. Pairing NGFWs with a stateless DDoS mitigation solution placed in front of the firewall protects firewalls from state-exhaustion attacks.

Myth 4: Cloud-based DDoS protection alone is enough

When a DDoS attack is larger than your internet pipe, the only way to stop it is with cloud-based DDoS protection. That said, smaller attacks can slip past these protections, necessitating additional defensive measures. Modern DDoS attacks leverage multiple attack vectors to bypass defenses. This means they can pair a volumetric attack or state-exhaustion attack with an application-layer attack to target multiple areas of the network, making the attack harder to detect and mitigate.

By deploying a hybrid approach to DDoS defense, pairing cloud-based and on-premises inline DDoS protection solutions, organizations can better protect against agile, multivector DDoS onslaughts, maximizing uptime and availability.

Myth 5: DDoS protection does not require the use of AI/ML

Many believe that leveraging artificial intelligence (AI) or machine learning (ML) is not necessary in defending against DDoS attacks. That could not be further from the truth. First, attackers are using AI/ML to multiply attack volumes, increase sophistication, and avoid detection. This means that defensive measures must think the same way, leveraging the traffic anomaly detection capabilities of AI/ML to find abnormalities in traffic patterns that signify DDoS threats.

AI/ML can take the form of curated threat intelligence feeds that automatically block known, active DDoS threats in real time. With this threat intelligence constantly updated, the latest threats are no match for AI/ML-powered DDoS defenses. AI/ML can also automate real-time countermeasure adjustments to defend against multivector attacks.

DDoS Attacks and Protection

Myths have no place in protecting your network's most important digital assets. Don't fall victim to these common myths. Dedicated DDoS protection that defends against dynamic multivector DDoS attacks is the only true way to assure maximum uptime in the modern DDoS landscape.

Learn more about NETSCOUT’s Arbor DDoS protection solution.