Overview

In celebration of Project Galileo's 10th anniversary, our goal was to assess cyberattacks that organizations under the Project encounter on a daily basis. By doing so, we aim to provide valuable insights to researchers, civil society members, and targeted organizations, equipping them with effective strategies for protecting both internal information and their public online presence.

This year, we broke down the dashboard into sections:

• Global civil society and human rights organizations
• Global journalism and media organizations
• Organizations based in Ukraine
• Organizations based in Israel and Palestine
• Voting rights organizations based in the United States

Our analysis for this dashboard spanned the period between May 1, 2023 and March 31, 2024. In addition to the data collected, we surveyed Galileo participants to help us understand from their organization’s perspectives what keeps them up at night when it comes to maintaining their digital presence.

Key Statistics

• Under Project Galileo, we protect more than 2,600 Internet properties in 111 countries.

• Between May 1, 2023 and March 31, 2024, Cloudflare blocked 31.93 billion cyber threats against organizations protected under Project Galileo. This is an average of nearly 95.89 million cyber attacks per day over the 11 month period.

• When looking at the different organizational categories, journalism and media organizations were the most attacked, accounting for 34% of all attacks targeting the Internet properties protected under the Project in the last year, followed by human rights organizations at 17%.

• On October 11, 2023, Cloudflare detected one of the largest attacks we’ve seen against an organization under Project Galileo, targeting a prominent independent journalism website covering stories in Russia and across Eastern Europe. We identified a DDoS attack that peaked at 7 million requests per second, with an attack duration of 7 minutes. In total, 1.9 billion DDoS requests targeting the attacked organization were mitigated that day.

• We saw two attacks against an organization that manages vital Internet infrastructure in the Middle East. We mitigated 177 million DDoS requests targeting the organization over a three hour period in October 2023. The second attack in December 2023 reached 42.6 million requests that were mitigated over a two hour period.

• We observed an attack targeting LGBT Foundation, a UK-based LGBTQ+ organization, during the beginning of Pride Month in June 2023. Cloudflare mitigated 144.7 million requests to this organization on June 2, 2023. In addition to this spike in June, we also saw another attack on August 26, 2023 which coincided with Manchester Pride. This second attack peaked at 1.46 million requests per second before finally subsiding on August 29.

Approach to the report

We focus on two approaches to attack mitigation: DDoS mitigation and our Web Application Firewall (WAF). DDoS mitigation includes traffic determined to be part of a Layer 7 (application-layer) DDoS attack. Such attacks are malicious request floods designed to overwhelm a site with the intention of knocking it offline. We block the malicious requests associated with the attack, ensuring that legitimate requests reach the site and that it stays online. In this report, we reference daily DDoS mitigations, which represent requests which were blocked by the Cloudflare layer 7 DDoS product, aggregated by day. Under Project Galileo, organizations have free access to Cloudflare's Business-level services, including our Web Application Firewall, which is a powerful tool to protect web applications from common vulnerabilities, such as SQL injection attacks, cross-site scripting, and more. The WAF is a valuable tool for organizations as it helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.

When reading this report, it is important to recognize that many organizations under Project Galileo are small non-profits, often staffed by volunteers and lacking dedicated cybersecurity teams. As a result, an unexpected traffic spike generating 3 million requests per second could easily take them down, whereas a similar attack on a bank or e-commerce site might not have the same impact.

Protecting civil society and human rights organizations

Civil society has served as the conduit for disseminating information regarding attacks on vulnerable communities, whether occurring in digital spaces or in the physical world. Recently, we’ve increasingly seen governments recognize the impact of cyberattacks on marginalized voices. Governments have turned both to civil society and to the private sector to identify the risks faced by these communities and to provide the necessary resources for their protection. We’ve detailed these collaboration efforts with the US Cybersecurity and Infrastructure Security Agency (CISA) through the Joint Cyber Defense Collaborative (JCDC) with the development of tool kits for high-risk communities and joint guidance to help civil society mitigate and reduce the risk of cyber attacks. The United States and the European Union also released guidance for online platforms to more effectively identify, mitigate, and provide access to remedy for digital attacks targeting Human Rights Defenders. In addition, Cloudflare has participated in the Summit for Democracy and made commitments for various initiatives aimed at promoting human rights online.

Cyber attacks targeting human rights organizations online pose a significant threat to freedom of expression, association, and the ability to hold perpetrators of human rights abuses accountable. These types of organizations face targeted state-sponsored threats, with little expertise or knowledge of the attack landscape that is growing more complex.

We see this firsthand. For this report, we identified 806 human rights organizations protected under Project Galileo across the world to better understand the attacks we see against these groups. Many of the organizations analyzed work in advocacy to prevent and end abuses of human rights, such as Majal, Women’s March Global and UN Women Australia, all of which promote gender equality and the empowerment of women, and Bedayaa, which advocates for LGBTQ + rights in Africa.

Between May 1, 2023 and March 31, 2024, Cloudflare mitigated 5.56 billion requests against civil society and human rights organizations protected under Project Galileo. While this is an average of 16.6 million requests per day over the last 11 months, when attacks occur, sites may receive millions of requests over a very short period of time, often just a few minutes. When we look at the types of threats against these types of organizations, we see a majority of the attacks blocked by the Web Application Firewall and DDoS mitigation. For DDoS mitigation, Cloudflare’s systems constantly analyze traffic and automatically apply mitigation when DDoS attacks are detected. This ensures that even organizations that have limited technical resources and expertise are protected from attack, and means that sometimes the organization is not even aware the attack has occurred.

We’ve detailed attacks against LGBTQ+ groups under Project Galileo in the past, and unfortunately, this year we saw similar trends in attacks targeting these organizations. For example, LGBT Foundation, one of the largest LGBT health and community services charities in the UK, assists 40,000 people directly every year, and a further 600,000 online. We saw an attack targeting this organization that coincided with the beginning of Pride Month in June.

Cloudflare mitigated 144.7 million requests to this organization on June 2, 2023. As seen in the graph below, two three-minute spikes were seen over a ten minute period as part of this attack, with each peaking over 120,000 requests per second.

In addition to this spike in June, we also saw another attack on August 26, 2023, coinciding with Manchester Pride. This event serves as a powerful platform for advocacy, raising awareness about LGBTQ+ issues, challenging discrimination and stigma, and promoting inclusivity and acceptance. Over the course of this second attack, which subsided on August 29, 2023, Cloudflare mitigated 198.2 million requests. During the attack, we observed a three-minute long spike surpassing 1 million requests per second, peaking at 1.46 million requests per second.

Protecting global journalism and media organizations

Project Galileo started as an initiative to protect free expression online. It’s grown to not only protect journalists, but also organizations working in the public interest such as voting rights groups, environmental activists, human rights defenders and more. We’ve seen journalists targeted on the Internet for various reasons, often stemming from the sensitive and impactful nature of their work. To that end, we’ve partnered with prominent organizations such as Internews, Center for International Media Assistance, International Press Institute, International Media Support, and many more to identify where our services are needed.

Overall, we protect 577 organizations that work in journalism and media around the world. We identified a spike in attacks on a prominent journalism organization based in Ukraine on August 29, 2023. The attack started at 13:23 UTC and lasted three minutes, peaking at 13:24 at around 2.5 million requests per second. In 2019, President of Ukraine Volodymyr Zelensky proclaimed August 29th as a national holiday as Remembrance Day of Ukraine's Defenders.

A closer look at the war in Ukraine

Since March 2022, we’ve onboarded 70 organizations in Ukraine to Project Galileo. In total, the program protects 95 organizations in the country. These organizations include those working in journalism and reporting on the ground in Kyiv, human rights activists that are assisting refugees fleeing the country, and groups that have built applications to alert users of incoming air raids.

From March 1 to April 30, 2024, approximately 1.02 billion requests were blocked to organizations based in Ukraine that are protected under the project. We saw a significant increase in attacks towards these organizations in March 2024, when Cloudflare mitigated 912 million requests, a 1466% increase from the previous month, which saw just 58.23 million mitigated requests.

As we reviewed the data, we saw an increase to one organization that caught our attention: Meduza, an organization that has been protected under Project Galileo since the beginning of the full-scale invasion in Ukraine. Meduza is one of the most prominent sources of independent journalism covering stories in Russia and across Eastern Europe. In January 2023, Russia declared the news outlet an “undesirable organization” in an attempt to stop the organization’s reporting on the war in Ukraine. Since the beginning of the war, Meduza has been blocked in Russia.

Our team has met multiple times with the organization to discuss how to protect NGOs and journalists online and extend our cybersecurity protections under Project Galileo. On October 11, 2023, we identified a DDoS attack that peaked at 7 million requests per second, with an attack duration of 7 minutes. 1.9 billion DDoS requests were mitigated in total on that day.

Protecting organizations in Israel and Palestine

We’ve reported on patterns of war time violence coinciding with cyberattacks. Unfortunately, these trends have continued during the war between Israel and Hamas, and the humanitarian crisis in Gaza. Under Project Galileo, we protect a range of organizations based in the region that work to provide emergency response service, vital equipment for hospitals, crowdfunding platforms supporting the Muslim community worldwide, and more. We saw an increase in traffic after October 7th, 2023 to both Israeli and Palestinian organizations, coinciding with the start of the Israel-Hamas war.

As we explored the data further, we saw an attack against a prominent organization based in the United Kingdom that works to secure Palestinian human rights, observing two dates on which there was an increase in mitigated traffic. The first, on October 15, 2023, coincided with the national demonstration in London in support of Palestine. We see in the first spike the requests go from 0 to 44,500 mitigated requests per second within two minutes. When we took a closer look, we identified that many of the requests were mitigated by Cloudflare’s Security Level, a product that uses the threat score (IP reputation) to decide whether to present a challenge to the visitor. The second spike, on February 21, 2024, coincided with UK lawmakers calling for cease-fire in the Israel-Hamas war. This peaked at 10,500 mitigations per second that lasted 40 minutes with an average of 6,638 requests per second.

As we reviewed the data, we saw two attacks against an organization that manages vital Internet infrastructure in the Middle East. Attacking infrastructure entities like registries and registrars is not new, as we saw in Ukraine during the beginning of the war in March 2022, and follows an unsettling trend of targeting broad swaths of a country’s Internet infrastructure.

We saw two noticeable spikes in traffic, the first in October and second in December 2023. The first lasted around 2.5 hours, peaking around 78,500 requests per second. In total, the attack went from 2.48 million requests to 177.42 million requests mitigated per day.

On December 20-21, 2023, there was an attack that lasted more than 2 hours, averaging 8,600 requests per second throughout that period, reaching as high as 13,830 requests per second. In total, this attack saw 42.6 million daily requests mitigated.

Protecting voting rights organizations in the United States

Organizations that work in voting rights undertake a variety of activities aimed at promoting and protecting the right to vote. Cloudflare protects more than 65 Internet properties in the United States that work on a range of topics related to voting rights, promoting free and fair elections, and posting election results. These organizations include Vote America, Decision Desk HQ, U.S. Vote Foundation, and Electionland.

We’ve noticed spikes in traffic around important dates, such as National Voter Registration Day on September 19, 2023. The 2023 United States elections were held, in large part, on Tuesday, November 7, 2023. The off-year election included gubernatorial and state legislative elections in several states, as well as numerous citizen initiatives, mayoral races, and a variety of other local offices on the ballot. We saw another spike in traffic to these organizations on March 5, 2024, which coincides with Super Tuesday in the United States. Super Tuesday is considered the largest nationwide election day before the general election in November.

Survey results

As we continually try to improve the program and cyber security products we provide under Project Galileo, we wanted to hear from organizations about what keeps them up at night when it comes to maintaining their online presence. Ahead of the 10th anniversary, we reached out to a number of organizations that we protect to identify how they approach security, learn the types of attacks they experience, and understand their largest security challenges.

In the survey, we found:

• 46% of organizations have limited staff, with just 1-10 employees.
• 46% of organizations say they receive suspicious malicious emails or other communications more than once per day.
• 58% of organizations experienced a phishing attack in the last year.
• 36% of organizations say they have a dedicated individual that manages cybersecurity, while 28% say they the responsibility is shared amongst staff.
• 37% of organizations do not have an incident response plan.
• 30% of organizations believe they experienced a cyber attack that was directed by a state-sponsored actor.

Conclusion

As we mark the 10th anniversary of Project Galileo, we want to thank all of our civil society partners for their collaboration and efforts in securing vulnerable entities online. We encourage organizations seeking the protection offered by Project Galileo to apply at cloudflare.com/galileo/.