The defense against DDoS attacks is like an arms race: As the defense measures improve, the attacks become more dangerous.
Approximately 20 years ago, on 22 July 1999, the first DDoS attack took place. A computer at the University of Minnesota was suddenly attacked by 114 other computers, all of them running a malware program called Trin00. The computer went down for two days.
An attack of this kind would not even be registered today. Even much larger attacks, which just a few years ago would have pulled a medium-sized service provider from the net, do not trigger an alarm for us anymore, instead they are automatically mitigated.
This doesn't mean, however, that we can rest on our laurels when it comes to DDoS attacks. On the contrary, we are still in an ongoing arms race. While the defensive measures are being improved and expanded, the number, scope, duration and sophistication of the attacks are increasing in parallel.
A combination of various defensive measures to protect against DDoS attacks is therefore still absolutely essential.
Summertime and the DDoS is easy: Q2/2019 saw 18% rise in attacks compared to last year. (Kaspersky)
What we’ve learned since the first DDoS attack was 20 years ago (MIT Tech Review)