Cloudflare celebrates the tenth anniversary of Project Galileo, which offers free protection against DDoS attacks to at-risk public interest groups such as minority rights organizations, human rights defenders, journalists, and democracy programs. To mark the occasion, Cloudflare highlights the program’s progress, statistics, and expanding recipient base.
As part of Cloudflare’s mission to help build a better Internet, Project Galileo aims to protect free expression online by offering cybersecurity services like unmetered DDoS protection at no cost. Project Galileo was founded in 2014 after Cloudflare witnessed journalism and nonprofit sites being targeted by very large DDoS attacks. Such attacks flood sites with millions or billions of malicious requests over a very short period of time, with the intention of knocking them offline. For organizations with small staff and budgets, these attacks often take down the site and prevent those in need from accessing the important work and services these organizations aim to provide.
“Part of protecting the free and open Internet means making sure that civil society and political opposition around the world are not forced offline simply for speaking out or challenging those in power. Cloudflare is often the only defense standing between these vulnerable humanitarian, human rights, and journalism groups, and the people who want to take them down,” said Matthew Prince, co-founder and CEO, Cloudflare. “To see this problem ten years ago, and to be in a position to help, has been one of our company’s most important projects, particularly for our employees, who are always willing to make time to onboard and assist new organizations. This is part of our mission to help build a better Internet.”
Cybersecurity Threats are an Ongoing Challenge for At-Risk Groups
Between May 1, 2023, and March 31, 2024, Cloudflare mitigated 31.93 billion cyber threats against organizations protected under Project Galileo. This is an average of nearly 95.89 million cyber threats per day over the last 11 months. According to a survey of Project Galileo participants, only 36% of organizations have a dedicated individual who manages cybersecurity, and 46% of organizations have a limited staff of just 1-10 employees, which means every moment spent combating security threats is time taken away from these organizations’ true missions. Further analysis of attacks on Project Galileo participants showed:
- The largest attack on a Project Galileo organization targeted an independent journalism website: On October 11, 2023, the largest attacks seen against an organization under Project Galileo targeted Meduza, a prominent independent journalism website covering stories in Russia and across the former Soviet Union. The DDoS attack peaked at 7 million requests per second, with an attack duration of 7 minutes. The daily DDoS requests that were mitigated on that day reached 1.9 billion requests.
- Journalists and independent media are the most frequently attacked organizations: Journalists and media organizations were the most attacked category, accounting for 34% of all attacks on the Internet properties protected under the project in the last year, followed by human rights organizations at 17%.
- War-time violence is associated with cyber attacks: Cloudflare has reported patterns of war-time violence accompanied by cyberattacks against Ukrainian organizations, and more recently, organizations connected to Israel and the Palestinian territories. Traffic after October 7, 2023, to Israeli and Palestinian organizations increased, coinciding with the start of the Israel-Hamas conflict. For example, a prominent organization based in the United Kingdom that works to secure Palestinian human rights saw two major attacks. The first, on October 15, 2023, coincided with the national demonstration in London in support of Palestinians and spiked from 0 to 44,500 mitigated requests per second within two minutes. The second, on February 21, 2024, coincided with UK lawmakers calling for a cease-fire, and peaked at 10,500 mitigations that lasted 40 minutes with an average of 6,638 requests per second. Similarly, an organization that manages vital Internet infrastructure in the Middle East saw two major increases in mitigated traffic — in October, lasting around 2.5 hours and peaking around 78,500 requests per second, and in December, lasting more than 2 hours and averaging 8,600 requests per second throughout that period, reaching as high as 13,830 requests per second.