In the week of April 21–25, 2025, a wave of Distributed Denial-of-Service (DDoS) attacks swept across Europe, targeting critical financial infrastructure and disrupting services for millions of users. These incidents underscore the growing cyber threat landscape and the urgent need for robust, always-on protection for digital financial services.
A Week of Disruption
On April 21, 2025, a major European payment provider experienced three separate DDoS attacks that severely impacted transaction processing across the continent. According to their public incident report, the attacks overwhelmed their systems, causing nearly nine hours of service degradation. Full functionality was only restored by the early hours of April 22.1
The attacks occurred outside of normal business hours, further complicating the response. Reports suggest that the provider had to manually activate their DDoS protection solution, highlighting the risks of not having an always-on mitigation strategy in place.
Just days later, on April 24, Sweden’s BankID—an essential component of the country’s digital identity and financial ecosystem—was also hit by a DDoS attack. The service experienced several hours of disruption, though no data was compromised, according to Mobile ID World.2
Mastercard Threat Protection in Action
While some institutions struggled to contain the damage, others were better prepared. One Mastercard Threat Protection customer, a major financial corporation, was targeted by four large Layer 4 DDoS attacks between April 22 and 23. These attacks, which involved over 30,000 unique source IPs and peaked at 7.92 Gb/s, were fully mitigated by our always-on, cloud-native DDoS protection platform.
Thanks to our machine learning-powered detection and Threat Protection's IP Threat Intelligence, the customer experienced zero downtime. No manual intervention was required, and backend systems remained fully operational. The attack sources were automatically cataloged and integrated into our threat intelligence feed, enhancing protection for all our customers.
Attack Snapshot
- Date: April 23, 2025
- Duration: ~2 minutes
- Attack Type: L4 TCP-flood
- Unique IPs: 609
- Max Rate: 7.92 Gb/s
- Mitigation: 100% blocked by static rules
Figure 1: Network DDoS Dashboard - Geo Heat Map (left) and ASN Hear Map (right)
These incidents highlight a critical lesson: reactive security is no longer sufficient. Financial institutions must adopt proactive, always-on DDoS protection to ensure resilience against increasingly sophisticated and high-volume attacks. With Threat Protection, setting up defense is simple. Our portal allows customers to:
- Quickly configure protection for internet-facing assets
- Visualize and export mitigation data
- Integrate insights into internal systems via API
- Redirect traffic through global Threat Protection Centers for real-time threat filtering
Whether through our full L3–L7 HTTP Proxy or the streamlined L4 Proxy, Threat Protection offers scalable, automated defense tailored to the needs of modern financial services.
Learn More
Explore how Threat Protection can safeguard your organization from DDoS attacks and other cyber threats by clicking here or request a demo today:
Sources:
1. https://www.adyen.com/knowledge-hub/mitigating-a-ddos-april-2025
2. https://mobileidworld.com/swedish-bank-id-service-hit-by-ddos-attack-no-data-compromised/
