The IT Pro Podcast: Inside the DDoS arms race
They’re still among the most common cyber attacks - but what makes DDoS so popular?

Cyber attacks are something that every business worries about on a near-constant basis - but while DDoS attacks may not make it onto many CISOs lists of the most worrying threats, they remain one of the most prevalent types of attack - partly because they’re dangerously easy to launch.
The scale and speed with which DDoS attacks can be launched is lowering all the time, too, thanks to the spread of IoT-driven botnets and the rise of DDoS-as-a-service vendors. One of the companies on the front line of defending against this threat is Cloudflare, and in this episode of the IT Pro Podcast, we’re joined by Cloudflare CTO John Graham-Cumming to discuss the tactics used to mount these attacks, and why they’re never really going to go away.
Highlights
“If you think back a few years, when you think about DDoS, it was often just that the website was not online for a business. And at a time when websites were primarily marketing tools, almost a brochure, it mattered from a reputation perspective and some loss of business. But of course, we've switched to using the internet for pretty much everything. I mean, look at us talking like this over the internet and schooling and working from home and ordering lunch. And you imagine the myriad of things we do on the internet; all of those things are vulnerable to DDoS attacks.”
“We built our systems up so that they can detect and mitigate this stuff, automatically. And from a capacity perspective, because we built the network to be very, very large, we don't worry about the size of attacks. Obviously, we worry in the sense of planning for bigger and bigger attacks, and making sure we have the infrastructure in place, making sure our systems are working… but in both the case of the two terabit per second attack, and in the case of the 17 million requests per second attack, those are just automatically mitigated.”
“We see continuous attacks of all sizes, and it seems to be growing, unfortunately. I had kind of hoped this problem would slow down, but it doesn't seem to be doing so. Sadly, DDoS is just part of what we deal with. It's almost like it's the background noise of the internet, there's always some nonsense going on.”
Read the full transcript here.
Footnotes
- NCA site hit bit Lizard Squad following arrest of six teenagers
- What is a DDoS attack?
- DDoS attacks are crippling UK VoIP operators
- DDoS attacks are still a key weapon for corporate extortion
- Microsoft mitigated 'largest ever' 2.4Tbps DDoS attack
- Owner of DDoS for hire sites found guilty of hacking offences
- Global ransom DDoS extortionists are retargeting companies
- How to stop a DDoS attack
- Australia internet banking outage blamed on DDoS mitigation service
- Oracle joins Cloudflare's Bandwidth Alliance
- Major AWS outage knocks a host of services offline
- Hackers use WebSVN to deploy new Mirai malware
- Colonial Pipeline hack spurred copycat attacks on other oil and gas companies
- Anonymous DDoS attacks cost PayPal £3.5m, court hears
- ICO website taken down by Anonymous DDoS attack
- What is a botnet?
- Botnet targets vulnerable Microsoft Exchange servers
- IoT botnets are on the rise and 5G isn’t helping anything
- Europol takes down 'dangerous' Emotet botnet
- New Mirai variant spotted targeting network devices
- Was Mirai malware behind Dyn DDoS attack?
- Oracle calls time on DNS specialist Dyn
- Practicality of UK government’s cyber bill criticised by industry experts
Subscribe
- Subscribe to The IT Pro Podcast on Apple Podcasts
- Subscribe to The IT Pro Podcast on Google Podcasts
- Subscribe to The IT Pro Podcast on Spotify
- Subscribe to the IT Pro newsletter
- Subscribe to IT Pro 20/20
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.
For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.
-
GitHub just launched a new 'mission control center' for developers to delegate tasks to AI coding agents
News The new pop-up tool from GitHub means developers need not "break their flow" to hand tasks to AI agents
-
The Allianz Life data breach just took a huge turn for the worse
News Around 1.1 million Allianz Life customers are believed to have been impacted in a recent data breach, making up the vast majority of the insurer's North American customers.
-
Can cyber group takedowns last?
ITPro Podcast Threat groups can recover from website takeovers or rebrand for new activity – but each successful sting provides researchers with valuable data
-
July rundown: Salt Typhoon and SharePoint scares
ITPro Podcast US public sector organizations are under serious threat from the state-backed hacking group
-
Can the UK ban ransomware payments?
ITPro Podcast Attempts to cut off ransomware group profits could instead harm businesses
-
We need to talk about operational technology
ITPro Podcast Groups like Volt Typhoon are abusing poor hygiene in critical infrastructure to pre-position for attacks
-
RSAC Conference 2025: The front line of cyber innovation
ITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
April rundown: MITRE frights and Microsoft launches Recall (again)
ITPro Podcast As CISA delivered an eleventh-hour reprieve for the CVE database, AWS reportedly began to pause some data center leases
-
The new era of cyber threats
ITPro Podcast With AI-powered attacks and state-backed groups, security teams face face a new wave of sophisticated threats
-
Supply chain scares and Google’s AI code
ITPro Podcast As the ransomware attack on Blue Yonder disrupts a wide range of firms, Google moves to lead by example on internal AI code