From retail to financial services and all the way through to government websites – no one is spared from the wide range of cyberattacks perpetrated by cyber criminals against critical online services.
Here are the numbers that show it: in Q1 2025, Cloudflare blocked 20.5 million DDoS attacks, a 358% year-over-year (YoY) increase. In the same vein, cybersecurity firm Radware’s "2025 Global Threat Analysis Report" confirms that on a YoY basis, the total rise in web DDoS attacks for 2024 was an astonishing 548.79% compared to the previous year.
One reason? Bad actors increasingly adopt sophisticated Layer 7 (L7) attack techniques to target web apps and their backend infrastructure, often bypassing traditional website firewall protection.
Pascal Geenens, director of threat intelligence at Radware, states that "The escalations in the threat landscape have significant implications for every sector from finance and telecommunications to government and eCommerce and beyond. Organizations are operating in a dynamic environment that demands equally dynamic defense strategies. While bad actors don’t have to do their jobs perfectly to have a major impact, defenders do."
Customer portals, eCommerce websites, and web apps are increasingly vulnerable to web threats. In 2025, we already see many web services being impacted by cyber criminals. Here’s a roundup of the biggest attacks in the first half of this year.
Top cyberattacks on web services in H1 2025
DDoS attack on Dutch payment service
The Dutch payment service Adyen was hit by DDoS attacks several times in April 2025. Customers of shops, restaurants, and online stores experienced disruptions when paying throughout Europe. Adyen’s share price fell by more than 2% on the stock exchange the day after the attack.
Hackers attack Belgian government websites
In March 2025, a pro-Russian hacker took several Belgian government websites down. This attack was an escalation from the ones that took place in October 2024, when the hackers attacked websites of small municipalities in Belgium. A similar string of cyberattacks were carried out in Switzerland in January this year. The attacks affected the cantonal banks of Zurich and Vaud, as well as the Lucerne municipalities of Adligenswil, Kriens and Ebikon.
Victoria’s Secret’s website offline
The website for Victoria’s Secret was back online at the end of May after a prolonged “security incident” caused the company to take down the site for several days. Shares of Victoria’s Secret fell nearly 6% in just 5 days from when news of the attack was disclosed.
Insurance’s customer portal down
Erie Insurance of Pennsylvania, USA, suffered significant business disruptions and system outages in June 2025. The culprit behind this cyberattack is currently under investigation; network intrusion is most likely the cause. Erie Insurance provides a range of insurance policies, including life, auto, and – the irony is not lost on me, cyber insurance. The incident has affected access to its customer portal, making it hard to submit claims.
Customer care taken offline
On April 25th, Nova Scotia Power discovered a cyber incident involving unauthorized access to its systems, impacting their online customer portal. The company was forced to isolate certain servers after this attack to prevent “further intrusion.” The company provides 95% of the power for Nova Scotia and serves more than 500,000 homes and facilities.
Stay online with the SCION Internet via Anapaya GATE
What this slew of cyberattacks tell us is this: web service protection matters more than ever. Existing solutions or endpoint protection services are not enough – they fail to provide a proactive stance for cybersecurity and instead put you into a defensive and reactive mode.
An example of a current and popular “solution” is “scrubbing infrastructures.” Scrubbing infrastructures – a way to classify packets into legitimate and undesired ones and only forward the legitimate packets towards the service – such as Cloudflare or Akamai, are widely used.
Due to the dimensions of these scrubbing infrastructures, they can process enormous amounts of packets, usually much more than the operator of the service that is protected by the scrubbing infrastructure. However, the classification into illegitimate and undesired packets is imperfect at best and the cost of such a solution can be prohibitive.
Just as important, this approach brings with it the issue of vendor lock-in: if any of the service providers, such as Cloudflare or Akamai, suffers an outage, half of the Internet could go down – along with your web service or web app.
In other words, this kind of solution only scratches at the surface of the issue and does not get to the root cause of the problem. And what is that? The size of your web application’s or web services’ attack surface – which we can guarantee is far too large to start with.
Reducing your attack surface and having more control on your web service visibility is key on the Internet as we know it today. If you switch to SCION, you can make your online service invisible to cybercriminals on the SCION Internet and secure remote access with Anapaya GATE.
With Anapaya GATE, you have complete control over your web service exposure – in fact, you can select which SCIONabled ISPs your service endpoints are announced to. Remote users within the selected ISPs will reach your service endpoints via Anapaya GATEs – never entering the Internet. Outside the selected ISPs, your service endpoints are invisible.
Of course, we all know that web services today need to be reachable worldwide – no matter the type being ecommerce, governmental, customer support – web services require global access. So, what if your users’ Internet providers are not part of the GATE infrastructure? Well, easy for me to answer that: let me introduce Global Connect.
Worldwide web service protection with Global Connect
Global Connect is a powerful extension to the Anapaya GATE service, operating as a dedicated GATE infrastructure. While the standard Anapaya GATE model restricts service access to a select group of SCIONabled, trusted ISP networks, the GATE providers, Global Connect allows organizations to selectively and safely extend the reach of their protected services to the broader public Internet. It acts as a controlled bridge between the SCION Internet and the global Internet, offering granular control over how and where web services are accessible.
Global Connect is designed for organizations that require global or broad geographic reach for their web services and applications, without compromising remote access security or accepting the risks of full exposure to the public Internet. It is centered on three key principles:
- Controlled global reach: GlobalConnect extends service availability to users in specific countries or regions without exposing the service to attackers from all over the world. It prevents traffic from overwhelming services through rate limiting and AS-level filtering.
- Rapid incident response: In the event of a security incident, GlobalConnect enables quick disconnection of the service from the global Internet, minimizing potential damage.
- Easy to deploy: It’s as easy and flipping a switch! No extensive configuration and a streamlined interface on Anapaya CONSOLE.
You get the same benefits of the GATE, but now with a wider reach.
So, why Anapaya GATE for your web service?
Now that went through how the GATE works on the SCION Internet – I am sure you are curious to know what the benefits of this configuration are:
Shrinking the attack surface
Instead of being visible and accessible to the entire public Internet, your web service is only exposed to selected, trusted networks. By adding the Global Connect feature, you can also granularly select in which countries or regions your web service will be visible. This reduces the potential attack surface from billions of devices globally to just the users within those specific networks or regions. What cannot be seen cannot be attacked.
Preventing critical threats
This drastic reduction of the attack surface greatly decreases the risk of falling victim to common and sophisticated cyberattacks, such as:
- Distributed Denial of Service (DDoS) attacks: Most DDoS attacks rely on overwhelming a target with traffic from a multitude of compromised machines across the globe. If these machines cannot see or route traffic to the target service, the attack is rendered ineffective before it can even begin.
- Exploitation of vulnerabilities: Even if a service has a critical software vulnerability (including zero-day exploits), an attacker must first be able to connect to the service to attempt an exploit. By severely limiting who can connect, GATE dramatically reduces the pool of potential attackers, providing powerful security layer that complements traditional defenses like firewalls and patching.
This set up is particularly a fit for securing public-facing web services that are critical yet have a defined user base that can be protected from attacks while remaining accessible to legitimate users. Let’s see them.
Online service use cases with Anapaya GATE
Use case 1: Ecommerce
The data shows that in 2024, the e-commerce industry was a key target for cybercriminals — ranking fifth among all industries for ransomware attacks. When it comes to DDoS attacks, specifically Layer 7 DDoS, the majority were aimed at the “Fintech” sector (52%), followed by e-commerce, which came in second with 18%. The obvious question is: How can I protect my website?
Use case 2: Online customer platforms
Web services such as customer support portals, police platforms, insurance e-portals, e-banking services, education and e-learning platforms, tax online platforms, and e-voting systems are all increasingly targeted in today’s digital threat landscape.
Use case 3: Emergency and crisis web apps
In the event of power outages, public health crises, natural disasters, nuclear emergencies, or when emergency alerts are issued, a website becomes as critical as the information it provides. Clear, reliable access to an alert portal is the difference between swift resolution and chaos.
Customer voice: Emergency website protection during power shortages with the GATE
In case of a severe electricity shortage, the Association of Swiss Electricity Companies (VSE/AES), takes the lead in ensuring that all Swiss citizens have continuous access to critical electricity information on a dedicated website.
This website is critical because the energy sector faces significant risks from incidents like DDoS attacks and data breaches, which can disrupt any part of the electricity value chain, from generation to transmission and distribution. In addition, ongoing geopolitical tensions within the EU and concerns around sovereignty increase the likelihood of power shortages. To make matters worse, cybercriminals often exploit such crises to trigger cascading disruptions across other critical ecosystems like finance, healthcare, and government – making the threat of society upheaval very real.
The VSE needed a robust solution to ensure the website always remains accessible to Swiss citizens. That's why they chose Anapaya GATE.
With a reduced attack surface by up to 99%, the website is invisible to opportunistic cybercriminals, preventing DDoS and other malicious cyber threats. This solution ensures that the website is always-on, preventing the spread of panic and misinformation during power shortages.
For more about this case study, go here.
Web security starts with SCION and Anapaya GATE
We believe the voice of the customer speaks louder than anything we could say – but it's worth reiterating: with cybersecurity threats showing no signs of slowing down, we strongly encourage CISOs, CTOs, and even CEOs, to explore technologies like SCION. It’s a powerful addition to any security stack, offering next-level protection for web services and applications via Anapaya GATE – now with global reach and coverage.
