For more than a decade, attackers have used distributed denial of service attacks to disrupt their victims' operations, often taking organizations completely offline. The motivations behind these attacks include notoriety, competitive advantage, cyber warfare, terrorism, hacktivism and/or extortion. Bandwidth- or resource-saturating DDoS attacks are effective, but today they are not the most common type of DDoS attack. Researchers are beginning to see a new motivation for the attacks they observe.

Today's DDoS attacks represent a much greater threat than the risk of an outage. Information breaches and the planting of malware are being hidden by a new attack vector called Dark DDoS. In order to effectively hide their tracks, attackers attempt to overwhelm security and logging tiers with smaller, repetitive DDoS attacks. The smaller attacks consume considerable time, attention, resources and log storage without filling the pipes. While everyone is focused on the DDoS incident, attackers are performing more insidious actions to breach and remain persistent in a network.

Attackers understand the kill chain in an organization. If an attacker who has compromised an internal system is detected, the security team (or another automated measure) invokes a kill chain mechanism. This mechanism kills the attacker's remote access by shutting down the system, or terminating the attacker's back door. If an attacker can maintain the access undetected, it allows them to move laterally, planting malware on systems they can access within a network, which often leads to a data breach or even fraud.