Cloudflare’s Project Galileo Turns 10: Marks One Decade of Protecting At-Risk Organizations Online

Project Galileo now protects 2,600+ public interest organizations in 111 countries for free, against about 96 million DDoS attacks every day

This Press Release is also available in 日本語, 한국어, Deutsch, Français, Español LATAM, and Nederlands.

San Francisco, CA, June 6, 2024Cloudflare, Inc. (NYSE: NET), the leading connectivity cloud company, today celebrates the tenth anniversary of Project Galileo, a free offering to protect at-risk public interest groups from distributed denial-of-service (DDoS) attacks and keep them online. These vulnerable targets can include minority rights organizations, human rights defenders, independent journalists, and democracy protection programs. To mark the anniversary, Cloudflare is offering a look at the program’s momentum, statistics, and growing recipient base.

As part of Cloudflare’s mission to help build a better Internet, Project Galileo aims to protect free expression online by offering cybersecurity services like unmetered DDoS protection at no cost. Project Galileo was founded in 2014 after Cloudflare witnessed journalism and nonprofit sites being targeted by very large DDoS attacks. Such attacks flood sites with malicious requests with the intention of knocking them offline, with millions or billions of requests over a very short period of time. For organizations with small staff and budgets, these attacks often take down the site and prevent those in need from accessing the important work and services these organizations aim to provide.

“Part of protecting the free and open Internet means making sure that civil society and political opposition around the world are not forced offline simply for speaking out or challenging those in power. Cloudflare is often the only defense standing between these vulnerable humanitarian, human rights, and journalism groups, and the people who want to take them down,” said Matthew Prince, co-founder and CEO, Cloudflare. “To see this problem ten years ago, and to be in a position to help, has been one of our company's most important projects, particularly for our employees, who are always willing to make time to onboard and assist new organizations. This is part of our mission to help build a better Internet.”

Cybersecurity Threats are an Ongoing Challenge for At-Risk Groups

Between May 1, 2023, and March 31, 2024, Cloudflare mitigated 31.93 billion cyber threats against organizations protected under Project Galileo. This is an average of nearly 95.89 million cyber threats per day over the last 11 months. According to a survey of Project Galileo participants, only 36% of organizations have a dedicated individual that manages cyber security, and 46% of organizations have a limited staff of just 1-10 employees, which means every moment spent combating security threats is time taken away from these organizations’ true missions. Further analysis of attacks on Project Galileo participants showed:

  • The largest attack on a Project Galileo organization targeted an independent journalism website: On October 11, 2023, the largest attacks seen against an organization under Project Galileo targeted Meduza, a prominent independent journalism website covering stories in Russia and across the former Soviet Union. The DDoS attack peaked at 7 million requests per second, with an attack duration of 7 minutes. The daily DDoS requests that were mitigated on that day reached 1.9 billion requests.

  • Journalists and independent media are the most frequently attacked organizations: Journalists and media organizations were the most attacked category, accounting for 34% of all attacks to the Internet properties protected under the project in the last year, followed by human rights organizations at 17%.

  • War-time violence is associated with cyber attacks: Cloudflare has reported patterns of war-time violence accompanied by cyberattacks against Ukrainian organizations, and more recently, organizations connected to Israel and the Palestinian territories. Traffic after October 7, 2023, to Israeli and Palestinian organizations increased, coinciding with the start of the Israel-Hamas conflict. For example, a prominent organization based in the United Kingdom that works to secure Palestinian human rights saw two major attacks. The first, on October 15, 2023, coincided with the national demonstration in London in support of Palestinians and spiked from 0 to 44,500 mitigated requests per second within two minutes. The second, on February 21, 2024, coincided with UK lawmakers calling for a cease-fire, and peaked at 10,500 mitigations that lasted 40 minutes with an average of 6,638 requests per second. Similarly, an organization that manages vital Internet infrastructure in the Middle East, saw two major increases in mitigated traffic — in October, lasting around 2.5 hours and peaking around 78,500 requests per second, and in December, lasting more than 2 hours and averaging 8,600 requests per second throughout that period, reaching as high as 13,830 requests per second.

LGBTQ, Women’s Empowerment Organizations, and More Can Further Their Missions with Cloudflare’s Protection

  • Awaq ONGD: “Project Galileo's services are not just integral but absolutely indispensable to our organization's operations. They go beyond enhancing website performance, security, scalability, and reliability—they are the very backbone that enables us to exist and thrive in the digital world. It not only helps us save on cyber security expenses but also provides us with the financial flexibility to allocate those resources toward our core mission of fighting climate change.” – Nicolás Morgado, Director of Cybersecurity
  • LGBT Foundation: “Project Galileo has been fundamental when our day to day has so much risk of online threats and attacks – civil rights organizations like ours need support 365 days a year. It is important to note that as a Registered Charity, we’re not massively resourced, so staying online is how we’re able to save lives. The team at Cloudflare and Ave Design Studio that keep us secure and online every single day are the unsung heroes to organizations like ours.” – Matthew Belfield, head of communications and marketing
  • Tech4Peace: “Without Cloudflare's protection, our website and app would be vulnerable to attacks, potentially impeding our ability to provide timely and reliable information to those who need it most and hindering our efforts to solve urgent cases via the helpline, especially those relating to journalists, activists, and women facing gender-based violence.” – Aws Al-Saadi, founder and president
  • UN Women Australia: “Cloudflare and Project Galileo have been amazing, providing us with reliable, reputable, and actionable advice we simply would not have had access to otherwise. Its expertise and strategic advice came at a time we needed it most. The potential impact of the attacks could have been far worse without Cloudflare’s support.” – Simone Clarke, Chief Executive Officer
  • Cagle Cartoons: “Our servers, sites, and online delivery are protected by Cloudflare through Project Galileo, and we couldn’t be in business without this protection. Our sites and political cartoonists are a target of an astounding amount of hacker attacks.” – Daryl Cagle, Chief Executive Officer

Growing List of Partners Helps to Drive the Program’s Expansion

Cloudflare partners with 54 respected civil society organizations to identify websites eligible for participation in Project Galileo. These groups provide expertise in their areas of influence to ensure applicant organizations are approved in an unbiased and neutral process.

  • Internet Society, a global charitable organization empowering people to keep the Internet a force for good: “Victims of domestic violence, democracy activists, and journalists can be targeted by very powerful and determined attackers, and have to be especially careful with their digital presence and trail online, lest they be harmed, imprisoned, or killed. We need a diverse group of knowledgeable individuals supporting and advocating for which voices and initiatives deserve a leg up. That's exactly the aim of programs like Project Galileo.” – Dr. Joseph Hall, distinguished technologist
  • National Democratic Institute, a nonprofit, nonpartisan organization working to support and strengthen democratic institutions worldwide through citizen participation, openness and accountability in government: "Cloudflare’s Project Galileo stands out to us for its commitment to providing not only free but also easily accessible resources. The project's user-friendly resource guides, for example, have made it much easier for NDI to introduce concepts like DDoS protection to our diverse range of democracy partners working to protect their operations — especially in the context of elections and other critical political processes." – Evan Summers, program director for Digital Resilience
  • NetHope, a global consortium of nonprofits working to effectively address the world's most pressing challenges through collaboration, collective action and the smarter use of technology: “Our NetHope community and the Global Humanitarian ISAC recognizes that cybersecurity is a team sport, and it is only by working together with partners like Cloudflare that we will succeed in keeping nonprofits’ missions safe in the digital age. Nonprofits provide last-mile critical infrastructure and lifesaving aid to millions of people worldwide, yet are actively targeted by malicious actors including nation states. By joining forces with partners like Cloudflare, through Project Galileo, we can each bring our specific expertise to defending these nonprofits for the good of people and the planet.” – Dianna Langley, chief operating officer

To learn more, please check out the resources below:

About Cloudflare Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company on a mission to help build a better Internet. It empowers organizations to make their employees, applications and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.

Powered by one of the world’s largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations – from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.
Learn more about Cloudflare’s connectivity cloud at cloudflare.com/connectivity-cloud. Learn more about the latest Internet trends and insights at https://radar.cloudflare.com.

Follow us: Blog | X | LinkedIn | Facebook | Instagram

Forward-Looking Statements This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern Cloudflare’s expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding Cloudflare’s plans and objectives for Project Galileo, Cloudflare’s ability to protect against DDoS attacks, and Cloudflare’s products and technology, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare’s CEO and others. Actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in Cloudflare’s filings with the Securities and Exchange Commission (SEC), including Cloudflare’s Quarterly Report on Form 10-Q filed on May 2, 2024, as well as other filings that Cloudflare may make from time to time with the SEC.

The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in Cloudflare’s forward-looking statements, and you should not place undue reliance on Cloudflare’s forward-looking statements.

© 2024 Cloudflare, Inc. All rights reserved. Cloudflare, the Cloudflare logo, and other Cloudflare marks are trademarks and/or registered trademarks of Cloudflare, Inc. in the U.S. and other jurisdictions. All other marks and names referenced herein may be trademarks of their respective owners.

Información de contacto de prensa
Daniella Vallurupalli
+1 650-741-3104