There are a large amount of IoT devices which use default settings, making them vulnerable to infection. Once infected, the device will monitor a command and control server which indicates the target of an attack. The reason for the use of the large number of IoT devices is to bypass some anti-DoS software which monitors the IP address of incoming requests and filters or sets up a block if it identifies an abnormal traffic pattern, for example, if too many requests come from a particular IP address. Other reasons include to be able to marshall more bandwidth than the perpetrator can assemble alone, and to avoid being traced.
For those of you who either aren't tech-savvy or have been led by CSI to believe that DDoS stands for \"Dangerous DOS Office Spam,\" a distributed denial of service attack floods a server with so many simultaneous requests that it slows to a crawl and can't do anything. It's like shutting down a sandwich shop by sending in 300 people to all demand their order at once. Only in this case, it was up to 600,000 computers that had been linked into a botnet through malware infections.