|
Getting your Trinity Audio player ready...
|
San Francisco, CA — Web infrastructure and security company Cloudflare has reported a dramatic increase in cyberattacks targeting nonprofit organizations, particularly journalism and human rights groups, over the past year. According to its newly released threat intelligence report, Cloudflare blocked 108.9 billion malicious requests between May 1, 2024, and March 31, 2025, through its Project Galileo initiative.
Project Galileo provides free cybersecurity protection to vulnerable organizations that support press freedom, human rights, democracy, and social justice, and lack the resources to defend against large-scale digital threats.
Cloudflare noted that the number of cyberattacks against these organizations more than tripled, representing a 241% increase compared to the previous year. The company recorded an average of 325.2 million blocked malicious requests per day.
Journalism Sector Most Targeted
Journalism organizations bore the brunt of these attacks, with 97 billion requests—an average of 290 million per day—blocked over the 11-month period. Human rights and civil society organizations followed with 8.9 billion blocked requests.
Cloudflare revealed that the majority of the traffic targeting journalist and human rights organizations consisted of Layer 7 distributed denial-of-service (DDoS) attacks, which aim to overwhelm websites with application-level traffic. Only a small portion of threats were blocked by the web application firewall (WAF), which intercepted attempts such as SQL injection and cross-site scripting (XSS) attacks—commonly aimed at web forms like comment sections or donation pages.
“Many of the targets were investigative journalism outlets operating in politically sensitive environments—particularly in countries such as Russia and Belarus—alongside NGOs focused on combating racism, defending labor rights, and countering extremism,” the report stated.
Notable Attack Incidents
- The Belarusian Investigative Center, an independent media organization, was hit by an intense DDoS campaign on September 28, with 28 billion malicious requests recorded in a single day.
- Tech4Peace, a human rights organization, experienced a 12-day-long DDoS attack totaling over 2.7 billion requests.
- Organizations focused on social welfare were also targeted, with 1.5 billion requests blocked during the reporting period.
- Entities working on environmental and disaster relief issues saw over 1 billion blocked attempts.
Cloudflare emphasized that much of the traffic directed at journalism sites was human-generated, suggesting deliberate targeting rather than automated scanning.
The findings underscore a growing threat to digital infrastructure supporting civil society and the free press. Cloudflare reiterated its commitment to protecting these organizations through Project Galileo, which it launched in 2014 in response to increasing digital threats faced by vulnerable communities.
Source: Excerpts from article on SecurityWeek by Ionut Arghire
