Founded in 2010, UN Women Australia — the registered Australian entity for the global champion for gender equality, UN Women — advocates for the rights and well-being of all women. Focusing on the Asia Pacific, and particularly active in disaster-prone areas and regions lacking gender parity, UN Women Australia has five strategic goals that drive its purpose:
As a not-for-profit organization, UN Women Australia funds its life-changing women's programs with public and private donations and merchandise sales, generated primarily through digital channels. This means that online security is critical and trust is central to its ability to provide crucial services that protect and promote women.
“We work with a wide range of partners to bring our mission to life by raising funds and awareness for gender equality and our women’s programs,” explains Simone Clarke, Chief Executive Officer at UN Women Australia. “Individual donors and supporters interact with us online, and by extension the security of our data is critical and is something we take very seriously.”
Despite the organization’s preparedness, the nature of UN Women Australia’s work and the scale of its fundraising efforts made the organization the target of unwanted attention.
UN Women Australia first discovered the vulnerabilities in its security configuration when its banking partners reported a large number of questionable transaction attempts through its online donations gateway. The fraudulent transaction attempts were caused by a series of bot-driven banking identification number (BIN) attacks — automated, brute-force attempts to guess a valid combination of a credit card number, expiration date, and card verification numbers for fraudulent purposes — that exploited shortcomings in third-party payment services. The BIN attacks disrupted operations and risked potentially thousands of dollars in service fees that the bank later reversed.
“When we saw thousands of hits directed against our servers, we felt incredibly vulnerable,” says Clarke.
With limited technical resources and an equally constrained budget, UN Women Australia took immediate steps to block the online assault, closing its donations and payment gateways and manually validating transactions. With no other immediate solutions on the horizon, one of the organization’s technical collaborators referred the organization to Project Galileo, a Cloudflare initiative that aids vulnerable public interest organizations.
“We work with a range of different experts — commercial IT and SaaS providers,” says Clarke. “But we found ourselves in a situation where few were willing to help us develop a solution — until we spoke to Cloudflare.”
Working with UN Women Australia, Cloudflare assumed the role of trusted cyber security advisor, filling in the gaps and providing the expert advice to the small fundraising team at UN Women. Rapidly onboarding the organization to Project Galileo, Cloudflare began with an analysis of UN Women Australia’s technical infrastructure to locate the point of failure.
“It all happened very quickly,” says Clarke. “Cloudflare helped us navigate through the different vendors in our technical ecosystem saying, ‘Okay, these are your options, this is where you are most vulnerable,’ and then mapped out a plan to address those weaknesses.”