SecurityBrief Canada - Technology news for CISOs & cybersecurity decision-makers
Canada
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Phishing
#
Email Security
#
Data Privacy

Cloudflare blocks 108.9 billion cyberattacks targeting civil groups

Yesterday
Author image
By Melvin Hipolito, Editor

Cloudflare has released a report revealing a significant rise in cyberattacks against journalists, human rights advocates, and nonprofit organisations around the world.

The data, published to coincide with the eleventh anniversary of Cloudflare's Project Galileo initiative, provides insight into the frequency and scale of threats faced by vulnerable groups working in public interest sectors.

Growth in cyber threats

Between 1 May 2024 and 31 March 2025, Cloudflare blocked 108.9 billion cyber threats targeting organisations protected under Project Galileo. This equates to an average of nearly 325.2 million cyberattacks per day, representing a 241% increase from the previous year's figures.

Among the affected groups, journalism organisations received the largest volume of attacks, with more than 97 billion requests blocked as potential threats. These threats were recorded across 315 distinct organisations. The second most targeted category was human rights and civil society organisations, which saw 8.9 billion attacks blocked during the period under review.

Cloudflare's report also highlighted a substantial number of cyberattacks against organisations focused on environmental issues and disaster relief, with more than 1 billion malicious requests mitigated.

Changing tactics

The report identified a growing trend of distributed denial-of-service (DDoS) attacks targeting these groups, now surpassing attempts to exploit traditional web application vulnerabilities in frequency. Several case studies illustrate the scale and intensity of these attacks. For example, the Belarusian Investigative Center, an independent journalism organisation, was onboarded to Project Galileo on 27 September 2024 during an active incident. The following day, they faced a significant application-layer DDoS attack generating over 28 billion requests in a single day.

Another case cited was Tech4Peace, a human rights organisation focused on digital rights, which was subjected to a 12-day assault starting 10 March 2025. The attack delivered over 2.7 billion requests and demonstrated a coordinated approach involving both steady, lower-intensity attacks and short, high-intensity bursts. The tactic is viewed as a sign that attackers deliberately varied their methods in an attempt to evade mitigation skills.

Project Galileo's global reach

Project Galileo is Cloudflare's initiative aimed at providing free cybersecurity support to at-risk public interest organisations. The scheme now provides protection for more than 3,000 internet properties operating across over 120 countries.

Partnerships are central to the initiative's operations. Cloudflare currently collaborates with 56 civil society organisations worldwide to identify groups that could benefit from this support. This year, Project Galileo has expanded its reach in the Asia-Pacific region through two new partnerships.

"EngageMedia is a nonprofit organization that brings together advocacy, media, and technology to promote digital rights, open and secure technology, and social issue documentaries. Based in the Asia-Pacific region, EngageMedia collaborates with changemakers and grassroots communities to protect human rights, democracy, and the environment. As part of our partnership, Cloudflare participated in a 2025 Tech Camp for Human Rights Defenders hosted by EngageMedia, which brought together around 40 activist-technologists from across Asia-Pacific. Among other things, the camp focused on building practical skills in digital safety and website resilience against online threats. Cloudflare presented on common attack vectors targeting nonprofits and human rights groups, such as DDoS attacks, phishing, and website defacement, and shared how Project Galileo helps organizations mitigate these risks. We also discussed how to better promote digital security tools to vulnerable groups. The camp was a valuable opportunity for us to listen and learn from organizations on the front lines, offering insights that continue to shape our approach to building effective, community-driven security solutions."

Cloudflare has also partnered with the Open Culture Foundation (OCF), based in Taiwan, which supports more than 34 local civil society organisations by providing training and workshops to manage website infrastructure, address vulnerabilities such as DDoS attacks, and conduct ongoing research on security challenges faced by these communities.

Case studies

The report features a range of organisations protected under Project Galileo, showcasing the diversity of their work and the varied threats they encounter. This includes Fair Future Foundation in Indonesia, which provides essential health and education services; Youth Initiative for Human Rights in Serbia, focusing on youth activism and civil society; and the Greenpeace Canada Education Fund, which works on climate change and environmental justice.

Other organisations named include Insight Crime in Latin America, which investigates organised crime; Diez.md in Moldova, a youth-focused news platform; and Pussy Riot, a Europe-based feminist art and activist collective. The Immigrant Legal Resource Center in the United States and the wildlife conservation charity 5wf Foundation in the Netherlands also feature.

The case studies are presented as examples of the diverse spectrum of responsibilities these organisations undertake and the increasing necessity for robust cybersecurity in maintaining their operations.

Ongoing challenges

Cloudflare's report notes that, in 2025, several Project Galileo partners have faced reductions in funding, which has had an impact on their capacity to support communities and promote human rights and democracy. The report reiterates the collaborative approach taken with civil society partners in regularly identifying organisations at risk and providing ongoing protection.

Cloudflare's report demonstrates an ongoing commitment to supporting public interest groups in the face of heightened cyber threat levels, with partnerships and shared insights seen as key to sustaining these efforts worldwide.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Gallagher unveils High Sec C7000 controller for critical sites
Contrast Northstar brings real-time AI to application security
Upwind names Rinki Sethi Chief Security Officer amid growth
Fake booking sites push malware as HP warns of click fatigue
Red Canary deploys AI agents to slash security investigation times
Top stories
AU10TIX unveils AnyDoc AI tool to combat document fraud risk
Azul boosts Java security with improved runtime vulnerability detection
Phishing-as-a-Service drives surge in cybercrime for 2025
Datadog launches enhanced log tools for cost & compliance needs
Automotive cybersecurity grows as smart vehicles face new threats