Cloudflare says civil society faces 38.5 billion attacks

Cloudflare has released new data on cyberattacks targeting civil society organisations supported by its Project Galileo programme. The figures show sustained attacks on groups working in the public interest across every region and sector.

Over the past year, Cloudflare blocked 38.5 billion malicious requests aimed at participating organisations, or more than 105 million a day. The programme, which provides cyber protection to selected groups, now supports 59 organisations worldwide.

In Asia-Pacific, 12% of Project Galileo participants are based in the region, while Australian organisations account for about 4% of the total. The Australian groups named are Humanitix and Activists Rights.

The data points to a threat landscape in which smaller, resource-constrained organisations face attacks more commonly associated with states and large corporations. Between February 1, 2025, and January 31, 2026, every region and sector covered by the programme recorded cyberattacks.

Attack patterns

Distributed denial-of-service attacks were the most common form of hostile traffic seen by the programme, accounting for 81.6% of all malicious traffic requests. Human rights organisations received the highest volume of such attacks.

The report also recorded large volumes of attempts to exploit weaknesses in website code to gain access to internal systems. Cloudflare's web application firewall blocked 7 billion vulnerability-related requests, with journalistic organisations receiving the highest volume at 2.85 billion.

Email remained another significant route for attackers. Across 73 Project Galileo participants, Cloudflare identified 1.2 million malicious emails and found that 30.2% bypassed three common authentication methods.

That suggests many organisations still face risks even when standard email protections are in place. For groups such as newsrooms, advocacy bodies and rights organisations, email compromise can expose sources, internal discussions and operational plans.

Broader pressure

The figures also sit alongside wider disruption to internet access. Cloudflare identified 85 government-directed internet outages, representing 46% of all disruptions it was able to identify across its global network.

Those restrictions frequently coincided with elections, protests and student exams. The overlap shows how cyber risk for public interest organisations can extend beyond direct attacks on websites and email systems to broader limits on connectivity.

Project Galileo was set up to provide cyber defence tools to organisations facing online threats because of their work in journalism, human rights, democracy and related public interest fields. The latest figures indicate that such groups continue to face heavy and varied attacks despite often having far fewer technical and financial resources than major commercial organisations.

For Australian and regional participants, the data offers a snapshot of a wider international pattern rather than an isolated local issue. The inclusion of organisations from Australia and across Asia-Pacific suggests the pressure on civil society networks is not confined to traditional geopolitical flashpoints.

The concentration of DDoS traffic is notable because such attacks can knock websites offline and disrupt communications without requiring a successful breach. By contrast, vulnerability-based attacks and malicious email campaigns can be used to seek deeper access to systems, staff accounts and sensitive information.

Taken together, the figures show that public interest organisations are being targeted through several channels at once, from network-level disruption to application exploits and email-based intrusion attempts.