Cyber Threats Intensify Against Civil Society

Cloudflare Report Reveals Rising Cyber Threats Facing Civil Society Organizations Worldwide

On the twelfth anniversary of Project Galileo, Cloudflare has released its annual report, Defending the Front Line: Insights from a Year of Protecting Civil Society, shedding light on the growing cybersecurity challenges faced by at-risk organizations worldwide.

The report unveils an expanding threat landscape, influenced by geopolitical conflicts, elections, civic unrest, and increasingly advanced cybercrime targeting resource-constrained institutions.

Through Project Galileo, Cloudflare provides free cybersecurity protection to over 3,400 internet properties in more than 130 countries. The initiative supports journalists, human rights defenders, independent media outlets, environmental organizations, and humanitarian groups by shielding them from cyberattacks.

According to the report, civil society organizations across various regions and sectors have been targeted by cyber threats over the past year, underscoring the escalating digital risks facing groups that play a vital role in promoting democracy, accountability, and public well-being.

DDoS Attacks Dominate the Threat Landscape

Distributed-denial-of-service (DDoS) attacks were identified as the most frequent threat faced by organizations protected under Project Galileo, accounting for 81.7% of all malicious traffic.

These attacks were notable for their duration. While most DDoS incidents mitigated by Cloudflare lasted only minutes, nearly all of the largest attacks targeting civil society organizations persisted for days or even weeks.

One example cited in the report is the Iraq-based digital rights group Tech4Peace, which endured an eight-day DDoS attack involving 2.6 billion malicious traffic requests.

Media Organizations Are Prime Targets

On average, Cloudflare blocked an attack probing a media organization every seven seconds.

Civil society organizations experienced attempts to exploit website vulnerabilities at a rate seven times higher than the average customer on the Cloudflare network.

Media outlets and journalists represented 40.5% of all targets, despite accounting for only 22.7% of organizations protected under Project Galileo.

Exiled Journalists Face Elevated Risks

Exiled journalists were particularly vulnerable, facing malicious traffic rates nearly four times higher than those targeting journalism organizations overall.

The report notes that attacks often concentrated on a small number of specific targets. In December 2025, elTOQUE—a Cuban media organization operating in exile—was subjected to a prolonged DDoS attack believed to have been intended to disrupt access to a currency tracker comparing the Cuban peso with foreign currencies.

Phishing Remains a Persistent Threat

Nearly 10% of emails processed for civil society organizations contained potential phishing attempts.

Compared with other Cloudflare customers, these organizations experienced a higher share of malicious emails seeking unauthorized access.

Notably, around one-third of phishing emails bypassed traditional authentication protocols but were successfully detected by Cloudflare’s advanced security systems.

Internet Disruptions Compound Existing Challenges

Cloudflare recorded 183 internet outages worldwide during the reporting period, including 85 incidents publicly attributed to government actions.

Many of these disruptions coincided with sensitive events such as elections, protests, and student examinations.

In countries including Iran and Uganda, civil society organizations reported that internet shutdowns hindered efforts to serve communities, document abuses, and distribute independent information.

Regional Perspective

Ercan Aydin, AVP for the Middle East, Türkiye, and Africa at Cloudflare, highlighted the unique vulnerabilities associated with rapid digital transformation in the region:

“The Middle East and Africa are undergoing significant digital growth, but this progress has been accompanied by heightened exposure to cyber threats. Organizations engaged in independent journalism, digital rights advocacy, humanitarian projects, and public-interest initiatives operate in increasingly precarious environments. The findings of this year’s Project Galileo report highlight the critical role of enterprise-grade cybersecurity in empowering these groups to continue their vital work.”

Within the Middle East, the report points to persistent cyberattacks against organizations such as Iraq’s Tech4Peace, which has faced repeated DDoS campaigns linked to its high-profile publications and fact-checking efforts.

As cyber threats become increasingly sophisticated and persistent, Cloudflare reaffirmed its commitment to helping civil society organizations strengthen their defenses against attacks aimed at silencing voices, disrupting essential services, and restricting access to information that serves the public interest.