A distributed denial-of-service (DDoS) attack is harder to detect than a DoS attack because it originates from multiple sources rather than a single one.
A DDoS can be described as a magnified version of a DoS attack: the attacker distributes the sources of the attack so that the attacker is hard to identify.
The attacker scans the internet and the local machine, identifies vulnerable host machines on the network, known as handlers, and compromises them. The attacker then makes copies of the attack code and silently distributes them through a virus, creating zombies.
Zombie: A program used for launching attacks on other machines
Each handler then recruits more agents, or zombies, to launch the final attack. The attacker then activates the zombies to attack the victim from distributed locations.
Having multiple levels of attackers means that more zombies can be co-opted, thus amplifying the attack. For example, the controller may recruit 1000 handlers. If each handler controls 500 zombies, we have a total of 500,000 zombies. The zombies are injected with code that sends attack packets to the victim in a coordinated fashion to overwhelm it. In addition, the source IP address is spoofed to obscure the source of the attacks.
Attackers usually use DDoS as a smoke screen to hide a precision DoS.
To stop a DDoS, you are somewhat constrained by the infrastructure used, but mechanisms can include using a CDN or a DDoS scrubbing service.
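Why a per-source rate limit that catches a single-source DoS misses a distributed attack, shown as an added example that is not part of the original page. The thresholds, function names and traffic are assumptions constructed for illustration:

```python
from collections import Counter, defaultdict

# All thresholds below are assumed values for this illustration.
WINDOW = 10            # seconds per counting window
PER_SOURCE_LIMIT = 50  # requests one source may send per window
BASELINE_TOTAL = 100   # normal total requests per window
SURGE_FACTOR = 3       # total above 3x baseline counts as a surge

def classify(events):
    """events: iterable of (unix_seconds, source_ip).
    Returns {window_start: (verdict, total, unique_sources, over_limit_ips)}."""
    buckets = defaultdict(Counter)
    for ts, ip in events:
        buckets[ts - ts % WINDOW][ip] += 1
    verdicts = {}
    for start, counts in sorted(buckets.items()):
        total = sum(counts.values())
        over = sorted(ip for ip, n in counts.items() if n > PER_SOURCE_LIMIT)
        if over:
            # One or more sources exceed the per-source limit: classic DoS.
            verdict = "single-source flood"
        elif total > SURGE_FACTOR * BASELINE_TOTAL:
            # Nobody breaks the per-source limit, yet the aggregate surges:
            # only the total reveals the distributed attack.
            verdict = "distributed flood"
        else:
            verdict = "normal"
        verdicts[start] = (verdict, total, len(counts), over)
    return verdicts

def sample_events():
    """Constructed traffic (documentation IP ranges), three windows."""
    events = [(i % 10, f"198.51.100.{i}") for i in range(80)]            # normal
    events += [(10 + i % 10, "203.0.113.7") for i in range(400)]         # one source
    events += [(20 + i % 10, f"192.0.2.{i % 200}") for i in range(400)]  # 200 sources
    return events

if __name__ == "__main__":
    for start, result in classify(sample_events()).items():
        print(start, result)
```

The second and third windows carry the same 400 requests, but only the aggregate check flags the distributed one. Because source addresses may be spoofed, the per-source list is a hint for rate limiting, not an identification of the attacker.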
Common motives behind a DDoS attack:
1) Revenge
Revenge is perhaps the most common reason for a DDoS attack. Current and ex-employees, angry customers ...
anyone with a dispute may have a motive for an attack. Hackers sometimes attack over minor disagreements.
2) Competition
DDoS has the ability to cripple company operations, damage reputation and devastate sales. In many cases it may
directly benefit competitors.
3) Politics
DDoS has the potential to digitally silence political opposition and may be used by political groups and terrorists.
Even seemingly apolitical organizations can become targets. In 2010, Mastercard, PayPal and Visa became the
targets of a DDoS attack after helping governments to cut off funding to WikiLeaks.
4) War
Many governments have developed significant DDoS capabilities as a weapon of war.
5) Cloaking Criminal Activity
DDoS may be used as a distraction — to hide other illegal activities. In other cases, it can be used to prevent
organizations from defending themselves from other types of attack (such as phishing).