Cloudflare Reports 81.7% Surge in DDoS Attacks Against Civil Society Organizations
On the twelfth anniversary of Project Galileo, Cloudflare has unveiled its annual report, Defending the Front Line: Insights from a Year of Protecting Civil Society. This report underscores the escalating cybersecurity threats that vulnerable organizations face globally. The findings indicate a rapidly expanding attack surface, driven by geopolitical tensions, elections, civic unrest, and increasingly sophisticated cybercrime targeting organizations that often operate with limited resources.
Project Galileo offers free cybersecurity protection to over 3,400 internet properties across more than 130 countries. This initiative aims to defend journalists, human rights advocates, independent media, environmental organizations, and humanitarian groups from cyberattacks. The report reveals that civil society organizations across all regions and sectors experienced cyberattacks during the reporting period, highlighting the growing digital risks faced by groups that are crucial for democracy, accountability, and public welfare.
Key Findings from the Report
The report presents several critical findings regarding the cybersecurity landscape for civil society organizations:
- DDoS Attacks Dominate Cyber Threats
Distributed-denial-of-service (DDoS) attacks emerged as the most prevalent cyber threat against civil society organizations protected under Project Galileo, accounting for 81.7% of all malicious traffic. The defining characteristic of these attacks was their duration. While most DDoS attacks mitigated by Cloudflare were resolved within minutes, many of the largest attacks against civil society lasted significantly longer, with some extending into days or even weeks. For instance, the Iraq-based digital rights organization Tech4Peace endured an eight-day-long DDoS attack that involved 2.6 billion malicious traffic requests. - Frequent Attacks on Media Organizations
On average, Cloudflare blocked a malicious request targeting a media organization every seven seconds. Civil society organizations faced attempts to exploit security vulnerabilities at a rate more than seven times higher than other Cloudflare customers. Media organizations, including journalists, were particularly vulnerable, receiving 40.5% of attacks despite constituting only 22.7% of the overall population. - Increased Threats to Exiled Journalists
Journalists operating in exile encountered a rate of malicious traffic nearly four times higher than that of journalism organizations overall. Attacks were often concentrated on specific targets. For example, in December 2025, elTOQUE, a Cuban media outlet operating in exile, experienced a DDoS attack believed to be a deliberate attempt to restrict access to a tracker comparing the Cuban peso with foreign currencies. - Phishing Threats on the Rise
Nearly 10% of all emails processed by Cloudflare for civil society organizations contained potential phishing material. Compared to other Cloudflare customers, civil society organizations faced a higher concentration of malicious emails aimed at unauthorized access. Traditional authentication protocols left these organizations vulnerable, with nearly one in three emails containing malicious content bypassing standard authentication methods. However, more sophisticated phishing detection tools provided by Cloudflare successfully identified these threats. - Government-Attributed Internet Disruptions
Cloudflare identified 183 Internet disruptions across its global network, with 85 of these attributed to government action. These disruptions often coincided with elections, protests, and student exams. In countries such as Iran and Uganda, civil society organizations reported that shutdowns hindered their ability to reach affected communities, document abuses, and disseminate independent information.
Regional Implications and Context
Ercan Aydin, AVP for the Middle East, Türkiye, and Africa at Cloudflare, emphasized the rapid digital transformation in the region, which also brings increased exposure to cyber threats. Organizations that support independent journalism, digital rights, humanitarian initiatives, and public-interest causes are increasingly operating in complex threat environments. The findings from this year’s Project Galileo report highlight the necessity of providing these organizations with access to enterprise-grade cybersecurity protections, enabling them to continue serving communities, safeguarding information, and supporting social and economic development across the region.
The report also highlights specific examples from the Middle East, including sustained attacks against the Iraq-based digital rights organization Tech4Peace, which faced multiple DDoS campaigns linked to high-profile publications and fact-checking efforts.
As cyber threats continue to evolve, Cloudflare remains committed to assisting civil society organizations in building resilience against attacks that aim to silence voices, disrupt services, and undermine access to information.
For further insights into the growing cybersecurity threats faced by civil society organizations, refer to the original reporting source: securitymea.com.
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.
