The number of malicious requests targeting organizations receiving free security services through Cloudflare’s Project Galileo has more than tripled over the past year, the web security and performance company says.
Under Project Galileo, the company provides free protection to organizations that lack the necessary cybersecurity resources, most of which are non-profits supporting arts, human rights, journalism, and democracy.
In a new report highlighting the web threats these organizations face, Cloudflare says that, between May 1, 2024, and March 31, 2025, its systems blocked 108.9 billion attacks against them, at an average of roughly 325.2 million per day.
These attacks, it explains, include Layer 7 (application-layer) distributed denial-of-service (DDoS) requests, as well as threats blocked by the web application firewall (WAF), such as SQL injection and XSS attacks that typically target input fields on web pages, including donation forms or comment boxes.
The number of attacks observed over the 11 months covered by the report went up by 241% compared to the previous year.
Journalists and news organizations saw the highest volume of attacks, at 97 billion requests (an average of 290 million per day), followed by human rights/civil society organizations, with 8.9 billion blocked requests.
Across journalists and human rights organizations, DDoS traffic accounted for most of the mitigated traffic, with only a small percentage of traffic blocked by the WAF. Most of the traffic to journalist sites was human-generated.
“Many of the targets were investigative journalism outlets operating in regions under government pressure (such as Russia and Belarus), as well as NGOs focused on combating racism and extremism, and defending workers’ rights,” Cloudflare says.
Noteworthy incidents include an attack against the independent journalism organization Belarusian Investigative Center, which was targeted by 28 billion requests on September 28, and human rights organization Tech4Peace, which was the focus of a 12-day assault totaling over 2.7 billion requests.
Cloudflare says it blocked 1.5 billion requests targeting social welfare organizations, and more than 1 billion requests against organizations working in environmental issues and disaster relief.
Related: Europol Announces More DDoS Service Takedowns, Arrests
Related: In Other News: Prison for Disney Hacker, MITRE ATT&CK v17, Massive DDoS Botnet
Related: Record-Breaking DDoS Attack Reached 5.6 Tbps
Related: Record-Breaking DDoS Attack Peaked at 3.8 Tbps, 2.14 Billion Pps
