Cloudflare’s Annual Report Exposes Escalating Cyberthreats to Civil Society Organizations Globally
On the twelfth anniversary of Project Galileo, Cloudflare has unveiled its annual report, Defending the Front Line: Insights from a Year of Protecting Civil Society. This report sheds light on the increasing cybersecurity threats that vulnerable organizations face worldwide. The findings indicate a rapidly expanding attack surface fueled by geopolitical tensions, elections, civic unrest, and increasingly sophisticated cybercrime targeting entities that often operate with limited resources.
Project Galileo offers free cybersecurity protection to over 3,400 internet properties across more than 130 countries. This initiative is crucial for defending journalists, human rights advocates, independent media, environmental organizations, and humanitarian groups from cyberattacks.
Cyberattacks on Civil Society: A Global Perspective
The report highlights that civil society organizations across all regions and sectors experienced cyberattacks during the reporting period. This underscores the growing digital risks confronting groups that play vital roles in supporting democracy, accountability, and public welfare.
Key Findings
- Dominance of DDoS Attacks: Distributed-denial-of-service (DDoS) attacks emerged as the most prevalent cyberthreat against civil society organizations protected under Project Galileo, accounting for 81.7% of all malicious traffic. A defining characteristic of these attacks was their duration. While most DDoS attacks mitigated by Cloudflare for its customers lasted only minutes, many of the largest attacks against civil society organizations extended over days or even weeks. For instance, the Iraq-based digital rights organization Tech4Peace endured an eight-day-long DDoS attack that generated 2.6 billion malicious traffic requests.
- Frequent Targeting of Media Organizations: On average, Cloudflare blocked a malicious request probing a media organization every seven seconds. Civil society organizations faced attempts to exploit security vulnerabilities at a rate more than seven times higher than other Cloudflare customers. Media organizations, including journalists, were particularly vulnerable, suffering 40.5% of attacks despite representing only 22.7% of the underlying population.
- Exiled Journalists Under Siege: Journalists operating in exile encountered malicious traffic nearly four times higher than that experienced by journalism organizations overall. Attacks were often concentrated on specific targets. In December 2025, elTOQUE, a Cuban media outlet in exile, faced a DDoS attack believed to be an intentional effort to restrict access to a tracker comparing the Cuban peso with foreign currencies.
- Phishing Threats: Nearly 10% of all emails processed by Cloudflare for civil society organizations contained potential phishing material. Compared to other Cloudflare customers, civil society organizations faced a higher concentration of malicious emails aimed at unauthorized access. Traditional authentication protocols left these organizations exposed. Alarmingly, nearly one in three emails containing malicious content bypassed standard authentication methods but were flagged by more advanced phishing detection tools provided by Cloudflare.
- Internet Disruptions: Cloudflare identified 183 internet disruptions across its global network, with 85 attributed to government action. These disruptions coincided with significant events such as elections, protests, and student exams. In countries like Iran and Uganda, civil society organizations reported that shutdowns hindered their ability to reach affected communities, document abuses, and disseminate independent information.
Ercan Aydin, AVP for the Middle East, Türkiye, and Africa at Cloudflare, emphasized the challenges faced by organizations in the region. He noted, “The Middle East and Africa region continues to experience rapid digital transformation, but that progress also brings increased exposure to cyberthreats. Organizations supporting independent journalism, digital rights, humanitarian initiatives, and public-interest causes are increasingly operating in complex threat environments. The findings from this year’s Project Galileo report reinforce the importance of ensuring these organizations have access to enterprise-grade cybersecurity protections, enabling them to continue serving communities, safeguarding information, and supporting social and economic development across the region.”
Regional Implications and Ongoing Threats
The report also highlights specific examples from the Middle East, including sustained attacks against Tech4Peace, which faced multiple DDoS campaigns linked to high-profile publications and fact-checking efforts. As cyberthreats evolve, Cloudflare remains dedicated to assisting civil society organizations in building resilience against attacks that aim to silence voices, disrupt services, and undermine access to information.
The findings from Cloudflare’s report serve as a stark reminder of the vulnerabilities faced by civil society organizations in an increasingly hostile digital landscape. As these organizations continue to play a critical role in promoting democracy and accountability, the need for robust cybersecurity measures becomes ever more pressing.
For further insights into the escalating cyber threats facing civil society organizations, refer to the original report. Source: Intelligent CISO.


