In what may catch many by surprise, distributed denial of service (DDoS) attacks are being used against companies, organizations, and individuals as an act of vengeance or revenge. No one is immune; documented victims have included non-profit organizations, community colleges, courts and law enforcement entities, and even noted security journalist Brian Krebs.

The commonality is that the individual behind the attack wishes to inflict damage, swiftly and completely, on the entity being attacked. No prior experience necessary; you can rent the DDoS service, by subscription no less, with a few clicks and an anonymous bitcoin payment.

DDoS for hire

According to the Department of Justice (DOJ), John Kelsey Gammell in January 2018 pleaded guilty to “conspiracy to commit intentional damage to a protected computer.” The DOJ continues, “Gammell directed DDoS attacks at a number of victims’ websites, including websites operated by companies he used to work for, companies that declined to hire him, competitors to his business and websites for law enforcement agencies and courts.”

Gammell, it would appear, wasn’t totally ignorant of the need to obfuscate his identity when hiring the DDoS services (vDOS, CStress, Inboot, Booter.xyz, and IPStresser), as he used IP anonymization services, cleaned his drives, and used encryption to conceal the records of his activities.

DDoS attack against a small business

Then we review the actions of David Chelsey Goodyear, who the DOJ tells us was convicted in February 2018 by a jury of “directing distributed denial of service cyber-attacks against two websites owned by Oklahoma telescope retailer, Astronomics.” Astronomics operates a free astronomy forum, “Cloudy Nights,” which has 65,000-plus participants. Goodyear was booted from the forum for violating the terms of service and would repeatedly return under a new userid/alias only to get booted again for violating the terms of service.
With each instance, Goodyear’s frustration increased, and he threatened a DDoS attack against Cloudy Nights and Astronomics.

What makes Goodyear’s act of vengeance so interesting is that it didn’t cost him a penny. Goodyear joined HackForum, and within hours of joining the forum posted a request for the forum’s users to “take down” the Astronomics website. For the next two weeks, the family-owned Astronomics was subjected to DDoS attacks. No shortage of individuals ready to do the dirty work on request. Astronomics pegged their losses at a minimum of $5,000, with sustained damage for over a year.

DDoS attack against a security writer

Then there was the DDoS attack against noted security journalist Brian Krebs, which occurred in September 2016. The attack, large for the time, was estimated by Krebs to be 620 Gbps in size. This attack leveraged Internet of Things devices, routers, IP cameras and digital video recorders.

In Krebs’ instance, he was attacked by two individuals associated with vDOS, a DDoS service for hire. Yes, the creators of the service used by Gammell to attack his victims. Krebs had written about the takedown of the vDOS service and the identity of two 18-year-old Israelis, Yarden “applej4ck” Bidani and Itay “p1st” Huri, as the admins. Shortly after Krebs' article — and his site going dark as a result of the attack — the teens were arrested in Israel.

Industry steps up

For news organizations, journalists, election monitoring sites, human rights organizations, etc., Google offers a free service: Project Shield. It matters not how large your site is; if your application for Project Shield protection is approved, you will receive free protection.

For businesses, many IP hosting companies have partnered with a variety of DDoS defense companies, some bundling the service into their hosting agreements.
Noted names include Cloudflare, Akamai, AWS Shield, and Microsoft Azure.

Bottom line: If you rely on your website for commerce, be it as a store front or service provider, you must factor the DDoS threat into your cybersecurity matrix, and put protection, mitigation and defense in place.

The threat is not going to dissipate, and, indeed, as witnessed in the recent February 28 attack against GitHub, a DDoS 1.3 Tbps in size, DDoS attacks are only going to increase in both frequency and velocity. In GitHub’s instance, they were prepared, and their service interruption was measured in minutes and not days.

Are you prepared for a DDoS against your site?