UPDATED 09:00 EDT / JUNE 18 2026

Cloudflare blocked 38.5 billion attacks on civil society groups in the past year

Cloudflare Inc. mitigated 38.5 billion cyberattacks against civil society organizations over the past year, the company said in a report out today, and most of it was one kind of attack: Distributed denial-of-service floods made up 81.7% of the malicious traffic.

The data comes from Project Galileo, which Cloudflare started in 2014 to give independent media, human rights groups and nonprofits free protection from the kind of attacks meant to knock them offline. The program now covers more than 3,400 organizations in 120 countries. Last year’s haul of 38.5 billion blocked attacks averaged out to 105 million a day.

What set the civil society attacks apart was not their size but how long they lasted. When Cloudflare’s wider customer base gets hit with this type of DDoS attack, three-quarters of the incidents are over inside 10 minutes. Galileo participants did not get off so easily. The biggest attacks against them dragged on for days, in some cases weeks.

The chunked structure of those campaigns pointed to deliberate intent, according to the report. By sending traffic in short bursts separated by pauses, attackers could fall out of scope of automated defenses, study which rules triggered and adjust their signatures before resuming. One eight-day attack against Tech4Peace, an Iraq-based digital rights group, featured more than 2.6 billion malicious requests and followed the group’s publication of an article debunking an artificial intelligence-generated image of a Syrian politician.

Media organizations took the worst of it. Cloudflare logged 7.1 billion attempts to exploit website flaws, and media sites soaked up 40.5% of them while accounting for just 22.7% of the organizations in the program. That works out to roughly one malicious request probing a media organization every seven seconds. Across the board, civil society groups faced website exploit attempts at a rate more than seven times higher than other Cloudflare customers.

Journalists operating in exile were hit hardest of all, facing malicious traffic at nearly four times the rate of journalism organizations overall. In December, the Cuban outlet elTOQUE, run by journalists in exile, was hit by a DDoS attack of nearly 426.8 million requests. The outlet believes the attack was tied to its tool for comparing the Cuban peso against foreign currencies, which the Cuban government has called “economic terrorism.” Its website was blocked inside Cuba the same month.

The Moscow Times also got hit. The outlet moved to Amsterdam after Russia invaded Ukraine, and in July attackers threw 123.4 million malicious requests at its site.

Phishing was relentless too. Nearly 10% of the roughly 29 million emails Cloudflare screened for civil society carried potential phishing material. Almost one in three of the most dangerous emails slipped past standard authentication checks before more advanced tools caught them, which Cloudflare said points to attackers getting better at their craft. The report pins some of that on AI, citing a March investigation by Huntress Labs Inc. into a campaign that allegedly used AI-generated lures to phish Microsoft cloud accounts at more than 340 organizations.

The report also tracked 183 internet disruptions across Cloudflare’s network, 85 of which public reporting attributed to government action. The shutdowns clustered around elections, protests and student exam periods. Ahead of Uganda’s Jan. 15 general election, the Uganda Communications Commission ordered service providers to restrict internet access. Cloudflare watched traffic fall 95% inside half an hour. In Iran, the company identified eight government-directed shutdowns, including one that cut national traffic to effectively zero.

The attacks keep hitting groups that have less and less to spend on defending themselves. In 2025, fewer than a third of nonprofits thought their cybersecurity budgets were good enough, the report said, citing NetHope Inc. data. Seven in 10 said their risk had climbed.

“Human rights defenders and journalists face a disproportionate share of online threats,” Khairil Zhafri of EngageMedia said in the report. “In the Asia-Pacific region, where many of the organizations we support operate in constrained or hostile digital environments, that risk is acutely felt.”
