Originally, denial of service (DoS) meant that specific internet services on an IT system (e.g. on a server) were not available for a limited time. This can happen when the relevant servers are overburdened – because of too many user requests, for instance. Examples of internet services include websites, email services, and chat functions.
In a DoS attack, the attacker intentionally causes the “denial of service.” They do this by “bombarding” an IT system’s network connections – which are responsible for the exchange of external data – with an immense number of requests, which end up overburdening it. If the number of requests rises above the capacity limit, the system slows or crashes completely, which means that websites, email features, or online shops, for example, can no longer be called up by users.
A DoS attack is more or less comparable with a real-life store that hundreds of people crowd into. Shoppers distract sales personnel with misleading questions and block resources, but make no purchases in the end. The sales staff is overburdened to the point of collapse, and actual customers are no longer able to enter the shop or be served by anyone.
In principle, pure DoS attacks are relatively simple to carry out. That’s because it’s not necessary to infiltrate secure IT systems. Even those with small budgets or little to no technical expertise can carry out an illegal attack – on a competitor, for example. Cyber criminals offer this type of attack on the dark net for as little as a few hundred euros. If companies and organizations are not prepared for DoS attacks, maximum damage can be caused with minimal effort.