DDoS attacks: an invisible threat with massive impact

The current situation: DDoS attacks are rising sharply worldwide and in Switzerland
 

The threat landscape surrounding Distributed Denial of Service (DDoS) attacks intensified significantly in 2024, both globally and in Switzerland

• In Switzerlandz: the Swiss federal office for cybersecurity (BACS) reported a notable surge in DDoS attacks targeting businesses, government entities, and critical infrastructures. In January 2025, a coordinated attack on federal IT systems disrupted the availability of multiple services for approximately 45 minutes (BACS, 2025).
   
• Globally: Various threat intelligence reports confirm that over 21.3 million DDoS attacks were recorded in 2024 — a 53% increase compared to the previous year. More than 420 attacks exceeded 1 Tbit/s, with the largest recorded incident peaking at an astonishing 5.6 Tbit/s.

The message is clear: DDoS attacks have become a permanent reality in enterprise risk management and can no longer be ignored.

What is a DDoS attack?

A Distributed Denial of Service (DDoS) attack aims to disrupt digital services by overwhelming servers, networks, or applications with massive volumes of traffic. Attackers often leverage botnets — vast networks of compromised devices — to simultaneously generate millions of requests.

The result is that websites and online services become unreachable, internal systems are overloaded, and critical business processes are at a standstill.

Evolving attack landscape: greater complexity and scale

Modern DDoS attacks have grown significantly more sophisticated:

• Multi-vector attacks: attackers combine multiple attack types across layers (network, transport, and application) to bypass conventional defence systems.
• IoT-based botnets: the proliferation of connected devices — such as routers, surveillance cameras, and smart home systems — is systematically exploited. Vulnerabilities in IoT devices allow attackers to build botnets comprising millions of units, dramatically increasing the scale and impact of attacks.

This growing complexity makes early detection and effective mitigation increasingly challenging.

Additionally, cybercriminals are leveraging artificial intelligence (AI) to enhance the precision of DDoS campaigns. Machine learning algorithms analyze vast amounts of network traffic to identify optimal attack methods and timing, resulting in highly efficient and targeted assaults that can overwhelm defenses with striking precision.

The professionalization of threats: DDoS-as-a-Service

An alarming trend is the commercialization of DDoS attacks as an underground service:

• DDoS-as-a-Service platforms allow virtually anyone to commission targeted attacks.
• Basic attacks are available for as little as $50 to $100!
• Professional operators offer tiered service packages, subscriptions, and even "test attacks."

This trend dramatically lowers the barriers to entry for cybercrime. Today, companies do not necessarily have to be high-profile targets — mere visibility on the internet can make them vulnerable.

The impact on businesses

DDoS attacks can inflict severe damage across multiple dimensions:

• Direct financial losses due to service outages
• Reputational harm and harmful media exposure
• Erosion of customer and partner trust
• Increased vulnerability to secondary attacks such as ransomware and malware

For businesses reliant on high availability, DDoS attacks can present existential risks.

Building resilience: how companies can protect themselves

Adequate DDoS protection relies on a multi-layered strategy:

• Deploy specialized DDoS mitigation solutions with intelligent traffic filtering
• Build geographically distributed infrastructures with redundancy in mind
• Implement continuous network monitoring and real-time traffic analysis
• Integrate DDoS resilience into business continuity and crisis management plans
• Conduct regular simulations and penetration tests to optimize response times and strengthen defenses

Only a comprehensive approach — combining technical measures, organizational preparedness, and continuous improvement — can provide sustainable protection against the evolving DDoS threat.

DDoS resilience: a business imperative

DDoS attacks are growing in frequency, size, and sophistication. Organizations must proactively invest in their resilience to ensure service availability and safeguard long-term trust with customers and partners.