What is a DDoS attack?
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service or network resource unavailable by overwhelming it with traffic from multiple sources. These attacks often target a wide variety of important, high-traffic resources, from banks to news websites to social networks.
DDoS attacks work by attacking a website's Domain Name Service (DNS). DNS acts as the internet's directory or phone book, translating a URL into an IP address. When you type a URL into a web browser, the browser tries to figure out where the website is by querying a series of servers. Once the website is found, the server responds with the web page you were looking for.
So how does a DDoS attack work?
A hacker takes advantage of infected computers to generate a flood of traffic. This traffic is targeted at a website or an IP address. Because the flood comes from many machines, it is hard to stop by blocking an IP address. Distinguishing legitimate user traffic from attack traffic becomes difficult when the attack is spread across so many points of origin/IP addresses.
Most people confuse a Denial of Service (DoS) attack with a DDoS attack. A DoS attack typically uses one computer and one Internet connection to flood a targeted system or resource. A DDoS attack uses multiple computers and Internet connections to flood the targeted resource. DDoS attacks are often global attacks, distributed via botnets.
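The difference between the two cases shows up when you count requests per source address, as in the following added example (not part of the original article). The traffic is constructed, and the names PER_IP_LIMIT and CAPACITY and their values are assumptions chosen for illustration.

```python
from collections import Counter

PER_IP_LIMIT = 100   # assumed: max requests one source may send per window
CAPACITY = 1000      # assumed: requests the service can absorb per window

def make_window(users, bots, per_bot):
    """Constructed traffic: one list entry (source IP) per request."""
    # Each legitimate user sends 2 requests in the window.
    reqs = [f"10.0.{i // 256}.{i % 256}" for i in range(users) for _ in range(2)]
    # Each attacking source sends per_bot requests.
    reqs += [f"172.16.{i // 256}.{i % 256}"
             for i in range(bots) for _ in range(per_bot)]
    return reqs

def per_ip_block(window):
    """Classic defence: drop every source that exceeds PER_IP_LIMIT."""
    counts = Counter(window)
    blocked = {ip for ip, n in counts.items() if n > PER_IP_LIMIT}
    passed = sum(n for ip, n in counts.items() if ip not in blocked)
    return blocked, passed

def classify(window):
    """Label a window by what is left after per-IP blocking."""
    blocked, passed = per_ip_block(window)
    if passed > CAPACITY:
        return "distributed flood: still overloaded after per-IP blocking"
    if blocked:
        return "single-source flood: stopped by per-IP blocking"
    return "normal"

# Same attack volume (5000 requests) on top of 200 users sending 2 requests each.
normal = make_window(users=200, bots=0, per_bot=0)
dos = make_window(users=200, bots=1, per_bot=5000)     # one noisy source
ddos = make_window(users=200, bots=2500, per_bot=2)    # each source looks like a user

if __name__ == "__main__":
    for name, w in (("normal", normal), ("DoS", dos), ("DDoS", ddos)):
        blocked, passed = per_ip_block(w)
        print(f"{name:6} sources={len(set(w)):4} total={len(w):5} "
              f"blocked={len(blocked)} passed={passed:5} -> {classify(w)}")
```

In the DDoS window every source sends the same two requests as a legitimate user, so no per-address threshold separates them; only the aggregate volume reveals the attack.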
DDoS attacks can take an entire website down in minutes. Traditional intrusion-prevention methods and firewalls cannot always mitigate the security risks associated with these threats. You can protect your website from DDoS attacks by using cloud mitigation providers such as CloudFlare, Google's Project Shield and Dyn. In this case, your traffic has to go through these mitigation services before reaching its destination. It is up to them to figure out which traffic is genuine and which is not. The challenge comes when these cloud mitigation providers become the target.