A denial of service (DoS) attack is an explicit attempt made by an attacker to make victim's Internet resources unavailable to its intended audiences. The DoS attack is usually carried out by one machine connected to the Internet by exploiting known UDP and TCP vulnerabilities.
A distributed denial of service (DDoS) attack is a type of DoS attack carried out by multiple compromised computers to flooding victim's network in a way that victim's server cannot handle it. A DDoS attack involves 3 parties: an offender, helpers (or botnet) and a victim. The offender is the one who plots the attack, and helpers are the machines that are compromised by the offender to launch attack against a victim (the target). The offender commands the helpers to attack the victim's host at the precisely same time.
It is hard to pinpoint why some entities are targetted for DDoS attacks, and who's behind it. Since there are no hard evidences of why DDoS are happening, we'll rely on researches and theories based on some speculations to name a few reasons. Of the list below, some research states that hacktivism and vandalism were the main motivations for DDoS attacks.
Most small to medium size busniesses have limited resources to fend off a DDoS attack. A study from Incapsula states that nearly a half of DDoS attacks last between 6 and 24 hours. Depending on size of the attack, your team may not be able to fend off yourself in which case you'll have to rely on professional services.
For small scale DDoS attacks, you may mitigate youreself by securing your server with mod_evasive, mod_security and other WAF (Web Application Firewall) utilities offered by your operating system.
For larger scale DDoS attacks, you'll have to turn to professional DDoS protection service providers. Even as tiny as 5Mbps attacks can't be handled by WAF utilities (see above) offered by most Linux distros.
There are a number of DDoS protection service providers, and picking anyone will most likely resolve moderate scale DDoS attacks. Most providers offer 7-day free trial, so you may use it to mitigate "under attack" situation, and seek long-term solution. Our experience with Incapsula mitigated one incident we've experienced with one of our sister site.
Disclaimer: We receive compensation when a purchase is made from the referred link. Our recommendation is based on our research and positive feedback we received from the users who've used the services.