Tag Archives: Project Galileo

Continuing our work with CISA and the Joint Cyber Defense Collaborative to keep vulnerable communities secure online

Post Syndicated from Jocelyn Woolbright original https://blog.cloudflare.com/cisa-cyber-defense-keep-vulnerable-communities-secure-online

Internet security and reliability has become deeply personal. This holds true for many of us, but especially those who work with vulnerable communities, political dissidents, journalists in authoritarian nations, or human rights advocates. The threats they face, both in the physical world and online, are steadily increasing.

At Cloudflare, our mission is to help build a better Internet. With many of our Impact projects, which protect a range of vulnerable voices from civil society, journalists, state and local governments that run elections, political campaigns, political parties, community networks, and more, we’ve learned how to keep these important groups secure online. But, we can’t do it alone. Collaboration and sharing of best practices with multiple stakeholders to get the right tools into the groups that need them is essential in democratizing access to powerful security tools.

Civil society has historically been the voice for sharing information about attacks that target vulnerable communities, both online and offline. In the last few years, we see governments increasingly appreciating how cyberattacks affect vulnerable voices and make an effort to identify the risks to these communities, and the resources available to protect them.

In March 2023, the US government launched the Summit for Democracy co-hosted by Costa Rica, Zambia, the Netherlands, and South Korea. We’ve written about our work at the summit and commitments on a wide range of actions to help advance human rights online. We were also proud to be included in US Agency for International Development’s (USAID) announcement, as part of the second summit in South Korea in March 2024, as a potential technology partner for the Advancing Digital Democracy Academy initiative, which will offer skills training in cybersecurity, cloud computing, responsible AI to support governments, civil society organizations, and other vulnerable groups.

With multistakeholder collaboration a growing effort, we want to give you insight into our ongoing efforts with the US Cybersecurity and Infrastructure Security Agency through the Joint Cyber Defense Collaborative (JCDC) to work together to raise awareness about threats to civil society, best practices that groups can use to protect themselves online today, and new resources developed for these vulnerable communities.

What types of threats do civil society organizations face?

Civil society organizations, which include non-governmental organizations, community-based organizations, and advocacy groups, face a wide range of threats and challenges that can vary depending on their location, focus areas, and activities. These threats can come from various sources, offline and online, from governments, non-state actors, and external influences.  

Since our founding, we’ve provided a set of free services based on the idea that democratizing access to cybersecurity products makes the Internet safer and faster for a broader audience. Since 2014, we’ve continued to strengthen this idea with Project Galileo, providing a higher level of protection to vulnerable voices. Fast forward to 2024, and we now protect more than 2,600 organizations in 111 countries under Project Galileo, allowing us to gain a better understanding of threats these organizations face on a daily basis. In June 2023, we published a report showing that between July 1, 2022, and May 5, 2023, Cloudflare mitigated 20 billion attacks against organizations protected under the project, an average of nearly 67.7 million cyber attacks per day over the 10 month period.

We continue to learn more about cyberattacks against these groups and how to better equip them with the tools they need to stay online. Our Q2 2023 DDoS report, for example, noted that 17.6% of all traffic to nonprofits was DDoS traffic, and that nonprofits were the second most targeted sector for DDoS. In addition, we see prominent civil society organizations, like our partner the International Press Institute, fall victim to a cyber attack after releasing a report identifying multiple DDoS attacks against many independent media outlets in Hungary over a five month period.

What do these attacks look like for a civil society organization?

It is easy to provide overall statistics on the number of cyber attacks we see against organizations under Project Galileo. But that doesn’t provide the whole story on what attacks look like in practice or how organizations can defend against them in real time.

When we were developing our Radar dashboard for the 9th anniversary of Project Galileo, we came across a noteworthy incident that involved an organization reporting on international legal issues, which highlights the importance of having security measures in place, even for organizations that do not believe they are a target. This event occurred between March 17 and March 18, 2023. On March 17, an international arrest warrant was issued for Russian President Vladimir Putin and Russian official Maria Lvova-Belova in connection with an alleged plot to relocate Ukrainian children to Russia.

Before and after this incident, the organization’s website experienced low levels of traffic. However, on March 17, we observed a sudden surge in request traffic, escalating from under 1,000 requests per second to approximately 100,000 requests per second within a four-hour window, reaching its peak at 19:00 UTC. Fortunately, the majority of this traffic was effectively managed by our Web Application Firewall. Another notable spike occurred on March 18, with the peak occurring at 09:45 UTC, surpassing 667,000 requests per second. Almost all of these requests were identified as Distributed Denial of Service (DDoS) attacks, as illustrated in the chart above. Throughout March 18, Cloudflare successfully thwarted a total of 844.4 million requests categorized as application layer DDoS attacks.

This incident highlights a recurring theme that we encounter within Project Galileo. Many organizations may remain unaware of their vulnerability to cyberattacks until their website is targeted by a disruptive DDoS attack. In this instance, the organization maintained its online presence throughout the entire attack, likely only discovering the abnormal surge in traffic after the attack had subsided.

This is just one example of an attack targeting an organization under Project Galileo, but they happen every day. But don’t just take it from us, check out more stories from organizations on how they stay secure online.

Collaborating with CISA through the Joint Cyber Defense Collaborative to identify how to get our services to more vulnerable communities

One of the ways we expand our protections with Project Galileo is through partnerships and collaborations. We currently work with more than 50 civil society organizations who approve organizations for protection under Project Galileo. The role of our civil society partners is essential as they have the knowledge and expertise around organizations that need these types of services.

When JCDC reached out to us about an initiative focused on protecting vulnerable communities online, we were excited to help make resources more accessible from a trusted voice. As governments increasingly identify the need for cybersecurity services for vulnerable communities, they have the ability to make these resources accessible and bring together multiple stakeholders to help promote best security practices. With JCDC, we are collaborating on three working groups to cover a range of topics that include crowdsourcing resources available for at-risk communities, developing new resources for these groups, cyber volunteer programs from companies and civil society, information sharing and development of threat reports and more.

With a range of stakeholders including civil society, tech companies, and CISA, we’ve been able to identify opportunities to build capacity and transparency strategies when it comes to extending products to these communities. We hope that other governments can see these efforts on providing protections to vulnerable communities as a model for effective collaboration.

What are steps you can take right now to ensure your organization’s website and internal teams are protected?

As part of our working groups with JCDC, we focused on enhancing the baseline of cyber hygiene for civil society organizations and improving resilience and response capabilities in the face of a cyberattack. We put together a list of tools and resources that are available for much of these groups that include:

  • Cloudlare’s Social Impact portal to help organizations navigate how to keep their website secure on Cloudflare.
  • Zero Trust Security for vulnerable communities: In this roadmap, created by Cloudflare, intended for civil society and at-risk organizations, we hope to demystify the work of Zero Trust security and offer easy to follow steps to boost your cyber security efforts in your organization. This roadmap includes a range of Cloudflare’s security products with case studies for civil society, level of effort to implement, and the teams involved to make the complex world of cyber security more accessible and understandable to a wider audience.
  • Cloudflare Radar and the Outage Center to track Internet shutdowns: In addition to the route leaks and route hijacks insights, we have Radar notification functionality, enabling organizations to subscribe to notifications about traffic anomalies, confirmed Internet outages, route leaks, or route hijacks.
  • JCDC’s CISA Awareness site: CISA—through JCDC—has compiled a list of cybersecurity resources intended to help high-risk communities who are at heightened risk of being targeted by cyber threat actors because of their identity or work.

To the future

There is still a lot of work to be done when it comes to protecting vulnerable voices. We hope that by collaborating with a range of stakeholders from governments, civil society, and tech companies we can better share tools and expertise to help these communities navigate the complex digital environments we find ourselves in. We remain committed to this crucial mission in the years to come and look forward to creating more partnerships to expand our products into new areas.
If you are an organization looking for protection under Project Galileo, please visit our website: cloudflare.com/galileo.

Cyber attacks targeting Jewish and Holocaust educational websites surge by 872% in 2023

Post Syndicated from Omer Yoachimik http://blog.cloudflare.com/author/omer/ original https://blog.cloudflare.com/cyber-attacks-targeting-jewish-and-holocaust-educational-websites-surge-by-872-in-2023

Tomorrow is the International Holocaust Remembrance Day, a mournful occasion to remember those who perished at the hands of the Nazis and their collaborators. The Holocaust, a catastrophic event in human history, resulted in the extermination of one-third of the Jewish population in Europe — totaling six million Jews during the Second World War. It also claimed the lives of countless others from minority and disability groups targeted under the Nazis’ brutal regime of intolerance.

At Cloudflare, through Project Galileo, we are committed to safeguarding Jewish and Holocaust educational websites. This initiative offers complimentary protection to vulnerable groups worldwide. You can apply for the project using this form.

Combating antisemitism with education and cyber defense

Today more than ever, it’s important to ensure educational websites about the Holocaust are protected and available. Education about the Holocaust helps communities understand the dangers of prejudice and dehumanization, and can play an important role in combating antisemitism. As only 13 countries worldwide have mandated Holocaust education, publicly available resources play an important role in ensuring access to information.

According to the Anti-Defamation League, over 1 billion people globally are reported to hold antisemitic attitudes. In the United States, the Anti-Defamation League has reported that antisemitic sentiments are held by about 10% of the population and has identified a decade-long rise in antisemitic incidents, increasing by 360% following the October 7 Hamas-led attack on Israel. The European Commission has also described a dramatic surge in antisemitism in Europe, with incidents in London alone rising by 1,350% post-October 7. This alarming trend indicates a growing need for awareness and educational efforts. We are proud to do our part, and provide cyber defenses to ensure the availability of online educational resources.

Surge in cyber attacks against Jewish and Holocaust Educational websites

In 2023, these defenses mitigated over 35.7 million malicious HTTP requests that targeted Jewish and Holocaust educational websites. This represents a staggering 2,190% increase in malicious requests compared to 1.6 million requests in 2022. This figure includes all types of application-layer cyber attacks including Distributed Denial of Service (DDoS) attacks that aim to take down websites and all other common application attacks that were mitigated by our Web Application Firewall (WAF) suite. On average, Cloudflare mitigated 4,000 malicious requests every hour.

Mitigated requests against Jewish and Holocaust education websites

The 35.7 million HTTP requests that were mitigated by Cloudflare accounted for 2.6% of all inbound requests to Jewish and Holocaust educational websites in 2023. When we normalize the amount of mitigated requests by the total inbound requests to those websites, in order to remove any data biases, we still see a significant increase.

In 2023, the percentage of mitigated requests towards Jewish and Holocaust educational websites grew from 0.3% in 2022 to 2.6% in 2023. This represents an 872% year-over-year growth. For comparison, between 2020 and 2021, this share of mitigated requests towards these websites grew by 60% and between 2021 and 2022 it grew by 78%. So in 2023, the growth rate of mitigated requests grew 12 times more than in previous years.

Percentage of mitigated requests against Jewish and Holocaust education websites out of total requests

The rise in cyber attacks against Jewish and Holocaust educational websites coincides with an overall increase of 27% in DDoS attacks against Israeli websites. More can be found in our latest DDoS threat report and our unique coverage of the cyber attacks that immediately followed the October 7 attack.

Helping build a better Internet, and a better world

As we conclude this post on International Holocaust Remembrance Day, it’s clear that the fight against antisemitism and cyber threats is more crucial than ever. At Cloudflare, we are steadfast in our commitment to helping build a safer, better Internet. We understand the importance of protecting educational websites and communities from cyber attacks, and we encourage everyone to take a stand with us. Even our free plan offers robust security and performance capabilities, ensuring that critical resources and websites are safeguarded and available. Together, we can make a meaningful difference and ensure that the lessons of history are preserved and protected.

Nine years of Project Galileo and how the last year has changed it

Post Syndicated from Jocelyn Woolbright original http://blog.cloudflare.com/nine-years-of-project-galileo-and-how-the-last-year-has-changed-it/

Nine years of Project Galileo and how the last year has changed it

Nine years of Project Galileo and how the last year has changed it

If you follow Cloudflare, you know that Birthday Week is a big deal. We’ve taken a similar approach to Project Galileo since its founding in 2014. For the anniversary, we typically give an overview of what we have learned to protect the most vulnerable in the last year and announce new product features, partnerships, and how we’ve been able to expand the project.

When our Cloudflare Impact team was preparing for the anniversary, we noticed a theme. Many of the projects we worked on throughout the year involved Project Galileo. From access to new products, development of privacy-enhancing technologies, collaborations with civil society and governments, we saw that the project played a role in either facilitating conversation with the right people or bridging gaps.

After reflecting on the last year, we’ve seen a project that was initially intended to keep journalism and media sites online grew into more. So, for this year, in addition to new announcements, we want to take the time to reflect on how we have seen Project Galileo transform and how we look toward the future in protecting the most vulnerable on the Internet.

Project Galileo +

The original goal of Project Galileo was simple. Although Cloudflare had free services available to anyone online, including cyber security services like unmetered DDoS protection, based on meetings with the Committee to Protect Journalists and others, we thought there was more we could do to help important but vulnerable voices online.

To that end, we launched Project Galileo to provide free access to additional Cloudflare services for qualifying organizations. Predictably, our first challenge was deciding exactly how to determine which organizations should qualify for the program. We knew generally that we wanted to help journalists, human rights defenders, civil rights activists, and other humanitarian organizations. We also thought it would be a better, more transparent program if Cloudflare were not making those decisions on our own.

So, we recruited as many well-respected organizations working in those fields as we could. When we launched, we were incredibly excited that we had 14 organizations willing to volunteer their time to help us. Nine anniversaries later, not only are we still working with all of our original partners, often on a daily basis to review and approve new Project Galileo participants, but our partner list has actually grown to 50 organizations, including the Council of Europe and the Business & Human Rights Resource Centre.

With their help, Project Galileo now protects more than 2,271 organizations in 111 countries. In addition to helping us grow the number of organizations participating in the program, our growing list of partners has also helped drive a number of expansions and other projects, which continue to make the Internet a safer place.

  • Helping with new issues: In September 2022, Cloudflare extended Project Galileo services to abortion rights groups through our partnership with Digital Defense Fund, an organization that works to provide digital security tools for the abortion access movement. Extending privacy and security services to those that support access to safe and legal abortion and advocated for the right to protect and expand reproductive freedom was the right thing to do and we were proud to do it.
  • Adding new services — internal networks: As Cloudflare has developed new product features, we've worked with our partners to determine which would be the most helpful to provide to vulnerable communities. In 2022, Cloudflare added Zero Trust security products for organizations under Project Galileo (and the Athenian Project). As a result, Project Galileo not only protects our participants' web properties, but is also helping secure internal networks for organizations like CyberPeace Institute, Meedan, Organization of American States (OAS), and The Information Technology Disaster Resource Center (ITDRC). We also created the Cloudflare Social Impact Portal, which provides step-by-step onboarding instructions, videos, and tutorials to help onboard Cloudflare Zero Trust products, specifically tailored for nonprofit organizations.
  • Tracking Internet shutdowns: In 2021, working with Access Now, Internews, the Carter Center, National Democratic Institute, Internet Society, and the International Foundation for Electoral Systems, the Cloudflare Radar team launched an alert tool to help identify outages for human rights organizations that track Internet shutdowns. In 2022, we launched alerts with Radar 2.0 and API access to make it easier for those organizations as well as other civil society groups and journalists to automatically integrate Cloudflare network data into their monitoring tools.
  • Working with governments to protect human rights defenders: As a result of our work with Project Galileo, Cloudflare has been able to work with our partners to share our experience and best practices with the US State Department, US Agency for International Development (USAID), and other government agencies that are helping advance global privacy and security protocols to support democratic governance, privacy, and protections for human rights defenders online. As part of that work, Cloudflare made a number of additional commitments as part of the 2023 Summit for Democracy, including making post-quantum encryption available for all Cloudflare customers and Project Galileo participants at no charge.

At Cloudflare, we often talk about how we are just getting started, which is true for Project Galileo as well. But, before we talk about what's new this year, it's worth taking a moment to appreciate not only how the program has grown, but also how the community that has developed around it has helped launch other new ideas and initiatives to help advance human rights online.

What’s next? (Ninth anniversary!)

For the ninth anniversary, we want to focus on access to affordable cyber security tools and what we have learned protecting the most vulnerable communities. That is in the form of new technical resources, a Radar report on cyber threats to Galileo organizations, partnerships to expand product offerings, and more.

This year, we are happy to announce an extension of our partnership with the CyberPeace Institute to provide Area 1 tools to Development and Humanitarian Organizations (DHOs) as part of Project Galileo. Over the course of the partnership, CyberPeace Institute will onboard their network of NGOs that are part of the CyberPeace Builders program  and act as a centralized point of contact to feed real-time security alerts  with a focus on phishing campaigns to civil society organizations.

"United against cyber threats, the CyberPeace Institute and CloudFlare stand tall, safeguarding civil society organizations from the treacherous tide of phishing campaigns. Together, we defend the defenders and empower the champions of peace in the digital realm."
Stéphane Duguin, CEO, CyberPeace Institute

Nine years of Project Galileo and how the last year has changed it

At Cloudflare, we think it is important to have affordable cyber security tools, as the threats are increasing in frequency and sophistication, and organizations and individuals alike need effective tools to protect themselves from these threats. As part of our Zero Trust offering under Project Galileo, we have created a new Zero Trust Roadmap for high-risk organizations to make the complex world of cyber security more accessible and understandable to a wider audience.

For the Project Galileo 9th anniversary, we wanted to identify the types of attacks these groups face to better equip researchers, civil society, and organizations that are targeted with best practices for safeguarding their websites and internal data. With that, we developed a Radar report aimed at highlighting organizations that were the center of public debate in the last year. Specifically, organizations that support LGBTQ+ rights, civil society, pro-choice advocacy and health, and in Ukraine.

Our main findings:

  • Between July 1, 2022, and May 5, 2023, Cloudflare mitigated 20 billion attacks against organizations protected under Project Galileo. This is an average of nearly 67.7 million cyber attacks per day over the last 10 months.
  • For LGBTQ+ organizations, we saw an average of 790,000 attacks mitigated per day over the last 10 months, with a majority of those classified as DDoS attacks.
  • Attacks targeting civil society organizations are generally increasing. We have broken down an attack aimed at a prominent organization, with the request volume climbing as high as 667,000 requests per second. Before and after this time the organization saw little to no traffic.
  • In Ukraine, spikes in traffic to organizations that provide emergency response and disaster relief coincide with bombings of the country over the 10-month period.
Nine years of Project Galileo and how the last year has changed it

In addition, we launched new case studies and added content to our Cloudflare Social Impact Portal to help organizations stay secure with our security offerings. Cloudflare is sponsoring Access Now’s RightsCon and we are excited to be attending the conference in Costa Rica to bring together many of our Project Galileo civil society partners. RightsCon convenes a broad range of civil society groups and business and public sector stakeholders to talk and learn about digital rights issues.

The future of Project Galileo

The last year has shown us a lot on how we can use Project Galileo beyond just protecting vulnerable voices, but to work in new avenues to extend Cloudflare’s protection and provide our expertise to a range of groups working in digital security issues. As we look toward the next year, we will continue to look for new ways to expand our protections to at-risk groups around the world.

If you are an organisation looking for protection under Project Galileo, please visit our website: cloudflare.com/galileo.

Cloudflare’s commitment to the 2023 Summit for Democracy

Post Syndicated from Patrick Day original https://blog.cloudflare.com/cloudflare-commitment-to-the-2023-summit-for-democracy/

Cloudflare’s commitment to the 2023 Summit for Democracy

Cloudflare’s commitment to the 2023 Summit for Democracy

On Tuesday, March 28, 2023, the US Government will launch the Summit for Democracy 2023, following up on the inaugural Summit for Democracy 2021. The Summit is co-hosted by the United States, Costa Rica, Zambia, the Netherlands, and South Korea. Cloudflare is proud to participate in and contribute commitments to the Summit because we believe that everyone should have access to an Internet that is faster, more reliable, more private, and more secure.  We work to ensure that the responsibility to respect human rights is embedded throughout our business functions. Cloudflare’s mission — to help build a better Internet — reflects a long-standing belief that we can help make the Internet better for everyone.

Our mission and core values dovetail with the Summit’s goals of strengthening democratic governance, respect for human rights and human rights defenders, and working in partnership to strengthen respect for these values. As we have written about before, access to the Internet allows activists and human rights defenders to expose abuses across the globe, allows collective causes to grow into global movements, and provides the foundation for large-scale organizing for political and social change in ways that have never been possible before.

Cloudflare’s commitment to the 2023 Summit for Democracy

What is the Summit for Democracy?

In December 2021, in an effort to respond to challenges to democracy worldwide, the United States held the first ever global Summit for Democracy. The Summit provided an opportunity to strengthen collaboration between democracies around the world and address common challenges from authoritarian threats.  The United States invited over 100 countries plus the President of the European Commission and the United Nations Secretary-General. The Summit focused on three key themes: (1) defending against authoritarianism; (2) addressing and fighting corruption; and (3) promoting respect for human rights, and gave participants an opportunity to announce commitments, reforms, and initiatives to defend democracy and human rights. The Summit was followed by a Year of Action, during which governments implemented their commitments to the Summit.

The 2023 Summit will focus more directly on partnering with the private sector to promote an affirmative vision for technology by countering the misuse of technology and shaping emerging technologies so that they strengthen democracy and human rights, which Cloudflare supports in theory and in practice.

The three-day Summit will highlight the importance of the private sector’s role in responding to challenges to democracy. The first day of the Summit is the Thematic Day, where Cabinet-level officials, the private sector and civil society organizations will spotlight key Summit themes. On the second day of the Summit, the Plenary Day, the five co-hosts will each host a high-level plenary session. On the final day of the Summit, Co-Host Event Day, each of the co-hosts will lead high-level regional conversations with partners from government, civil society, and the private sector.

Cloudflare will be participating in the Thematic Day and the Co-Host Event Day in Washington, DC, in addition to other related events.

Cloudflare commitments

In advance of the 2023 Summit, the United States issued a Call to Action to the private sector to consider commitments that advance an affirmative agenda for democratic renewal. The United States encouraged the private sector to make commitments that align with the Presidential Initiative on Democratic Renewal, the Declaration on the Future of the Internet, and the Summit’s four objectives:

  • Countering the misuse of technology
  • Fighting corruption
  • Protecting civic space
  • Advancing labor rights

Cloudflare answered the United States’s call to action and made commitments to (1) help democratize post-quantum cryptography; (2) work with researchers to share data on Internet censorship and shutdowns; and (3) engage with civil society on Internet protocols and the application of privacy-enhancing technologies.

Democratizing post-quantum cryptography by including it for free, by default

At Cloudflare, we believe to enhance privacy as a human right the most advanced cryptography needs to be available to everyone, free of charge, forever. Cloudflare has committed to including post-quantum cryptography for free by default to all customers – including individual web developers, small businesses, non-profits, and governments. In particular, this will benefit at-risk groups using Cloudflare services like humanitarian organizations, human rights defenders, and journalists through Project Galileo, as well as state and local government election websites through the Athenian Project, to help secure their websites, APIs, cloud tools and remote employees against future threats.

We believe everyone should have access to the next era of cybersecurity standards–instantly and for free. To that end, Cloudflare will also publish vendor-neutral roadmaps based on NIST standards to help businesses secure any connections that are not protected by Cloudflare. We hope that others will follow us in making their implementations of post-quantum cryptography free so that we can create a secure and private Internet without a “quantum” up-charge.  More details about our commitment is here and here.

Working with researchers to better document Internet censorship and shutdowns

Cloudflare commits to working with researchers to share data about Internet shutdowns and selective Internet traffic interference and to make the results of the analysis of this data public and accessible. The Cloudflare Network includes 285 locations in over 100 countries, interconnects with over 11,500 networks globally, and serves a significant portion of global Internet traffic. Cloudflare shares aggregated data on the Internet’s patterns, insights, threats and trends with the public through Cloudflare Radar, including providing alerts and data to help organizations like Access Now’s KeepItOn coalition, the Freedom Online Coalition, the Internet Society, and Open Observatory of Network Interference (OONI) monitor Internet censorship and shutdowns around the world. Cloudflare commits to working with research partners to identify signatures associated with connection tampering and failures, which are believed to be caused primarily by active censorship and blocking. Cloudflare is well-positioned to observe and report on these signatures from a global perspective, and will provide access to its findings to support additional tampering detection efforts.

Engaging with civil society on Internet protocols and the development and application of privacy-enhancing technologies

Cloudflare believes that meaningful consultation with civil society is a fundamental part of building an Internet that advances human rights. As Cloudflare works with Internet standards bodies and other Internet providers on the next-generation of privacy-enhancing technologies and protocols, like protocols to encrypt Domain Name Service records and Encrypted Client Hello (ECH) and privacy enhancing technologies like OHTTP, we commit to direct engagement with civil society and human rights experts on standards and technologies that might have implications for human rights.

Cloudflare has long worked with industry partners, stakeholders, and international standards organizations to build a more private, secure, and resilient Internet for everyone. For example, Cloudflare has built privacy technologies into its network infrastructure, helped develop and deploy TLS 1.3 alongside helping lead QUIC  and other Internet protocols, improve transparency around routing and public key infrastructure (PKI), and operating a public DNS resolver that supports encryption protocols. Ensuring civil society and human rights experts are able to contribute and provide feedback as part of those efforts will make certain that future development and application of privacy-enhancing technologies and protocols are consistent with human rights principles and account for human rights impacts.

Our commitments to democratizing post-quantum cryptography, working with researchers on Internet censorship and shutdowns, and engaging with civil society on Internet protocols and the development and application of privacy-preserving technologies will help to secure access to a free, open, and interconnected Internet.

Partnering to make the Summit a success

In the lead-up to the Summit, Cloudflare has been working in partnership with the US Department of State, the National Security Council, the US Agency for International Development (USAID), and various private sector and civil society partners to prepare for the Summit. As part of our involvement, we have also contributed to roundtables and discussions with the Center for Strategic and International Studies, GNI, the Design 4 Democracy Coalition, and the Freedom Online Coalition. Cloudflare is also participating in official meetings and side events including at the Carnegie Endowment for International Peace and the Council on Foreign Relations.

In addition to the official Summit events, there are a wide range of events organized by civil society which the Accountability Lab has created a website to highlight. Separately, on Monday, March 27 the Global Democracy Coalition convened a Partners Day to organize civil society and other non-governmental events. Many of these events are being held by some of our Galileo partners like the National Democratic Institute, the International Republican Institute, Freedom House, and the Council of Europe.

Cloudflare is grateful for all of the hard work that our partners in government, civil society, and the private sector have done over the past few months to make this Summit a success. At a time where we are seeing increasing challenges to democracy and the struggle for human rights around the world, maintaining a secure, open, Internet is critical. Cloudflare is proud of our participation in the Summit and in the commitments we are making to help advance human rights. We look forward to continuing our engagement in the Summit partnership to fulfill our mission to help build a better Internet.

One year of war in Ukraine: Internet trends, attacks, and resilience

Post Syndicated from João Tomé original https://blog.cloudflare.com/one-year-of-war-in-ukraine/

One year of war in Ukraine: Internet trends, attacks, and resilience

One year of war in Ukraine: Internet trends, attacks, and resilience

The Internet has become a significant factor in geopolitical conflicts, such as the ongoing war in Ukraine. Tomorrow marks one year since the Russian invasion of that country. This post reports on Internet insights and discusses how Ukraine’s Internet remained resilient in spite of dozens of disruptions in three different stages of the conflict.

Key takeaways:

  • Internet traffic shifts in Ukraine are clearly visible from east to west as Ukrainians fled the war, with country-wide traffic dropping as much as 33% after February 24, 2022.
  • Air strikes on energy infrastructure starting in October led to widespread Internet disruptions that continue in 2023.
  • Application-layer cyber attacks in Ukraine rose 1,300% in early March 2022 compared to pre-war levels.
  • Government administration, financial services, and the media saw the most attacks targeting Ukraine.
  • Traffic from a number of networks in Kherson was re-routed through Russia between June and October, subjecting traffic to Russia’s restrictions and limitations, including content filtering. Even after traffic ceased to reroute through Russia, those Ukrainian networks saw major outages through at least the end of the year, while two networks remain offline.
  • Through efforts on the ground to repair damaged fiber optics and restore electrical power, Ukraine’s networks have remained resilient from both an infrastructure and routing perspective. This is partly due to Ukraine’s widespread connectivity to networks outside the country and large number of IXPs.
  • Starlink traffic in Ukraine grew over 500% between mid-March and mid-May, and continued to grow from mid-May through mid-November, increasing nearly 300% over that six-month period. For the full period from mid-March (two weeks after it was made available) to mid-December, it was over a 1,600% increase, dropping a bit after that.

Internet changes and disruptions

An Internet shock after February 24, 2022

In Ukraine, human Internet traffic dropped as much as 33% in the weeks following February 24. The following chart shows Cloudflare’s perspective on daily traffic (by number of requests).

One year of war in Ukraine: Internet trends, attacks, and resilience

Internet traffic levels recovered over the next few months, including strong growth seen in September and October, when many Ukrainian refugees returned to the country. That said, there were also country-wide outages, mostly after October, that are discussed below.

14% of total traffic from Ukraine (including traffic from Crimea and other occupied regions) was mitigated as potential attacks, while 10% of total traffic to Ukraine was mitigated as potential attacks in the last 12 months.

Before February 24, 2022, typical weekday Internet traffic in Ukraine initially peaked after lunch, around 15:00 local time, dropped between 17:00 and 18:00 (consistent with people leaving work), and reached the biggest peak of the day at around 21:00 (possibly after dinner for mobile and streaming use).

After the invasion started, we observed less variation during the day in a clear change in the usual pattern given the reported disruption and “exodus” from the country​. During the first few days after the invasion began, peak traffic occurred around 19:00, at a time when nights for many in cities such as Kyiv were spent in improvised underground bunkers. By late March, the 21:00 peak had returned, but the early evening drop in traffic did not return until May.

When looking at Ukraine Internet requests by type of traffic in the chart below (from February 10, 2022, through February 2023), we observe that while traffic from both mobile and desktop devices dropped after the invasion, request volume from mobile devices has remained higher over the past year. Pre-war, mobile devices accounted for around 53% of traffic, and grew to around 60% during the first weeks of the invasion. By late April, it had returned to typical pre-war levels, falling back to around 54% of traffic. There’s also a noticeable December drop/outage that we’ll go over below.

One year of war in Ukraine: Internet trends, attacks, and resilience

Millions moving from east to west in Ukraine

The invasion brought attacks and failing infrastructure across a number of cities, but the target in the early days wasn’t the country’s energy infrastructure, as it was in October 2022. In the first weeks of the war, Internet traffic changes were largely driven by people evacuating conflict zones with their families. Over eight million Ukrainians left the country in the first three months, and many more relocated internally to safer cities, although many returned during the summer of 2022. The Internet played a critical role during this refugee crisis, supporting communications and access to real-time information that could save lives, as well as apps providing services, among others.

There was also an increase in traffic in the western part of Ukraine, in areas such as Lviv (further away from the conflict areas), and a decrease in the east, in areas like Kharkiv, where the Russian military was arriving and attacks were a constant threat. The figure below provides a view of how Internet traffic across Ukraine changed in the week after the war began (a darker pink means a drop in traffic — as much as 60% — while a darker green indicates an increase in Internet traffic — as much as 50%).

One year of war in Ukraine: Internet trends, attacks, and resilience
Source: https://datawrapper.dwcdn.net/dsUSJ/2/

The biggest drops in Internet traffic observed in Ukraine in the first days of the war were in Kharkiv Oblast in the east, and Chernihiv in the north, both with a 60% decrease, followed by Kyiv Oblast, with traffic 40% lower on March 2, 2022, as compared with February 23.

In western Ukraine, traffic surged. The regions with the highest observed traffic growth included Rivne (50%), Volyn (30%), Lviv (28%), Chernivtsi (25%), and Zakarpattia (15%).

At the city level, analysis of Internet traffic in Ukraine gives us some insight into usage of the Internet and availability of Internet access in those first weeks, with noticeable outages in places where direct conflict was going on or that was already occupied by Russian soldiers.

North of Kyiv, the city of Chernihiv had a significant drop in traffic the first week of the war and residual traffic by mid-March, with traffic picking up only after the Russians retreated in early April.

One year of war in Ukraine: Internet trends, attacks, and resilience

In the capital city of Kyiv, there is a clear disruption in Internet traffic right after the war started, possibly caused by people leaving, attacks and use of underground shelters.

One year of war in Ukraine: Internet trends, attacks, and resilience

Near Kyiv, we observed a clear outage in early March in Bucha. After April 1, when the Russians withdrew, Internet traffic started to come back a few weeks later.

One year of war in Ukraine: Internet trends, attacks, and resilience

In Irpin, just outside Kyiv, close to the Hostomel airport and Bucha, a similar outage pattern to Bucha was observed. Traffic only began to come back more clearly in late May.

One year of war in Ukraine: Internet trends, attacks, and resilience

In the east, in the city of Kharkiv, traffic dropped 50% on March 3, with a similar scenario seen not far away in Sumy. The disruption was related to people leaving and also by power outages affecting some networks.

One year of war in Ukraine: Internet trends, attacks, and resilience

Other cities in the south of Ukraine, like Berdyansk, had outages. This graph shows Enerhodar, the small city where Europe’s largest nuclear plant, Zaporizhzhya NPP, is located, with residual traffic compared to before.

One year of war in Ukraine: Internet trends, attacks, and resilience

In the cities located in the south of Ukraine, there were clear Internet disruptions. The Russians laid siege to Mariupol on February 24. Energy infrastructure strikes and shutdowns had an impact on local networks and Internet traffic, which fell to minimal levels by March 1. Estimates indicate that 95% of the buildings in the city were destroyed, and by mid-May, the city was fully under Russian control. While there was some increase in traffic by the end of April, it reached only ~22% of what it was before the war’s start.

One year of war in Ukraine: Internet trends, attacks, and resilience

When looking at Ukrainian Internet Service Providers (ISPs) or the autonomous systems (ASNs) they use, we observed more localized disruptions in certain regions during the first months of the war, but recovery was almost always swift. AS6849 (Ukrtel) experienced problems with very short-term outages in mid-March. AS13188 (Triolan), which services Kyiv, Chernihiv, and Kharkiv, was another provider experiencing problems (they reported a cyberattack on March 9), as could be observed in the next chart:

One year of war in Ukraine: Internet trends, attacks, and resilience

We did not observe a clear national outage in Ukraine’s main ISP, AS15895 (Kyivstar) until the October-November attacks on energy infrastructure, which also shows some early resilience of Ukrainian networks.

Ukraine’s counteroffensive and its Internet impact

As Russian troops retreated from the northern front in Ukraine, they shifted their efforts to gain ground in the east (Battle of Donbas) and south (occupation of the Kherson region) after late April. This resulted in Internet disruptions and traffic shifts, which are discussed in more detail in a section below. However, Internet traffic in the Kherson region was intermittent and included outages after May, given the battle for Internet control. News reports in June revealed that ISP workers damaged their own equipment to thwart Russia’s efforts to control the Ukrainian Internet.

Before the September Ukrainian counteroffensive, another example of the war’s impact on a city’s Internet traffic occurred during the summer, when Russian troops seized Lysychansk in eastern Ukraine in early July after what became known as the Battle of Lysychansk. Internet traffic in Lysychansk clearly decreased after the war started. That slide continues during the intense fighting that took place after April, which led to most of the city’s population leaving. By May, traffic was almost residual (with a mid-May few days short term increase).

One year of war in Ukraine: Internet trends, attacks, and resilience

In early September the Ukrainian counteroffensive took off in the east, although the media initially reported a south offensive in Kherson Oblast that was a “deception” move. The Kherson offensive only came to fruition in late October and early November. Ukraine was able to retake in September over 500 settlements and 12,000 square kilometers of territory in the Kharkiv region. At that time, there were Internet outages in several of those settlements.

In response to the successful Ukrainian counteroffensive, Russian airstrikes caused power outages and Internet disruptions in the region. That was the case in Kharkiv on September 11, 12, and 13. The figure below shows a 12-hour near-complete outage on September 11, followed by two other periods of drop in traffic.

One year of war in Ukraine: Internet trends, attacks, and resilience

When nuclear inspectors arrive, so do Internet outages

In the Zaporizhzhia region, there were also outages. On September 1, 2022, the day the International Atomic Energy Agency (IAEA) inspectors arrived at the Russian-controlled Zaporizhzhia nuclear power plant in Enerhodar, there were Internet outages in two local ASNs that service the area: AS199560 (Engrup) and AS197002 (OOO Tenor). Those outages lasted until September 10, as shown in the charts below.

One year of war in Ukraine: Internet trends, attacks, and resilience

One year of war in Ukraine: Internet trends, attacks, and resilience

More broadly, the city of Enerhodar, where the nuclear power plant is located, experienced a four-day outage after September 6.

Mid-September traffic drop in Crimea

In mid-September, following Ukraine’s counteroffensive, there were questions as to when Crimea might be targeted by Ukrainian forces, with news reports indicating that there was an evacuation of the Russian population from Crimea around September 13. We saw a clear drop in traffic on that Tuesday, compared with the previous day, as seen in the map of Crimea below (red is decrease in traffic, green is increase).

One year of war in Ukraine: Internet trends, attacks, and resilience

October brings energy infrastructure attacks and country-wide disruptions

As we have seen, the Russian air strikes targeting critical energy infrastructure began in September as a retaliation to Ukraine’s counteroffensive. The following month, the Crimean Bridge explosion on Saturday, October 8 (when a truck-borne bomb destroyed part of the bridge) led to more air strikes that affected networks and Internet traffic across Ukraine.

On Monday, October 10, Ukraine woke up to air strikes on energy infrastructure and experienced severe electricity and Internet outages. At 07:35 UTC, traffic in the country was 35% below its usual level compared with the previous week and only fully recovered more than 24 hours later. The impact was particularly significant in regions like Kharkiv, where traffic was down by around 80%, and Lviv, where it dropped by about 60%. The graph below shows how new air strikes in Lviv Oblast the following day affected Internet traffic.

One year of war in Ukraine: Internet trends, attacks, and resilience

There were clear disruptions in Internet connectivity in several regions on October 17, but also on October 20, when the destruction of several power stations in Kyiv resulted in a 25% drop in Internet traffic from Kyiv City as compared to the two previous weeks. It lasted 12 hours, and was followed the next day by a shorter partial outage as seen in the graph below.

One year of war in Ukraine: Internet trends, attacks, and resilience

In late October, according to Ukrainian officials, 30% of Ukraine’s power stations were destroyed. Self-imposed power limitations because of this destruction resulted in drops in Internet traffic observed in places like Kyiv and the surrounding region.

The start of a multi-week Internet disruption in Kherson Oblast can be seen in the graph below, showing ~70% lower traffic than in previous weeks. The disruption began on Saturday, October 22, when Ukrainians were gaining ground in the Kherson region.

One year of war in Ukraine: Internet trends, attacks, and resilience

Traffic began to return after Ukrainian forces took Kherson city on November 11, 2022. The graph below shows a week-over-week comparison for Kherson Oblast for the weeks of November 7, November 28, and December 19 for better visualization in the chart while showing the evolution through a seven-week period.

One year of war in Ukraine: Internet trends, attacks, and resilience

Ongoing strikes and Internet disruptions

Throughout the rest of the year and into 2023, Ukraine has continued to face intermittent Internet disruptions. On November 23, 2022, the country experienced widespread power outages after Russian strikes, causing a nearly 50% decrease in Internet traffic in Ukraine. This disruption lasted for almost a day and a half, further emphasizing the ongoing impact of the conflict on Ukraine’s infrastructure.

One year of war in Ukraine: Internet trends, attacks, and resilience

Although there was a recovery after that late November outage, only a few days later traffic seemed closer to normal levels. Below is a chart of the week-over-week evolution of Internet traffic in Ukraine at both a national and local level during that time:

One year of war in Ukraine: Internet trends, attacks, and resilience

In Kyiv Oblast:

One year of war in Ukraine: Internet trends, attacks, and resilience

In the Odessa region:

One year of war in Ukraine: Internet trends, attacks, and resilience

And Kharkiv (where a December 16 outage is also clear — in the green line):

One year of war in Ukraine: Internet trends, attacks, and resilience

On December 16, there was another country-level Internet disruption caused by air strikes targeting energy infrastructure. Traffic at a national level dropped as much as 13% compared with the previous week, but Ukrainian networks were even more affected. AS13188 (Triolan) had a 70% drop in traffic, and AS15895 (Kyivstar) a 40% drop, both shown in the figures below.

One year of war in Ukraine: Internet trends, attacks, and resilience

One year of war in Ukraine: Internet trends, attacks, and resilience

In January 2023, air strikes caused additional Internet disruptions. One such recent event was in Odessa, where traffic dropped as low as 54% compared with the previous week during an 18-hour disruption.

A cyber war with global impact

“Shields Up” on cyber attacks

The US government and the FBI issued warnings in March to all citizens, businesses, and organizations in the country, as well as allies and partners, to be aware of the need to “enhance cybersecurity.” The US Cybersecurity and Infrastructure Security Agency (CISA) launched the Shields Up initiative, noting that “Russia’s invasion of Ukraine could impact organizations both within and beyond the region.” The UK and Japan, among others, also issued warnings.

Below, we discuss Web Application Firewall (WAF) mitigations and DDoS attacks. A WAF helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks. Distributed Denial of Service (DDoS) attacks are cyber attacks that aim to take down Internet properties and make them unavailable for users.

Cyber attacks rose 1,300% in Ukraine by early March

The charts below are based on normalized data, and show threats mitigated by our WAF.

Mitigated application-layer threats blocked by our WAF skyrocketed after the war started on February 24. Mitigated requests were 105% higher on Monday, February 28 than in the previous (pre-war) Monday, and peaked on March 8, reaching 1,300% higher than pre-war levels.

Between February 2022 and February 2023, an average of 10% of all traffic to Ukraine was mitigations of potential attacks.

The graph below shows the daily percentage of application layer traffic to Ukraine that Cloudflare mitigated as potential attacks. In early March, 30% of all traffic was mitigated. This fell in April, and remained low for several months, but it picked up in early September around the time of the Ukrainian counteroffensive in east and south Ukraine. The peak was reached on October 29 when DDoS attack traffic constituted 39% of total traffic to Cloudflare’s Ukrainian customer websites.

One year of war in Ukraine: Internet trends, attacks, and resilience

This trend is more evident when looking at all traffic to sites on the “.ua” top-level domain (from Cloudflare’s perspective). The chart below shows that DDoS attack traffic accounted for over 80% of all traffic by early March 2022. The first clear spikes occurred on February 16 and 19, with around 25% of traffic mitigated. There was no moment of rest after the war started, except towards the end of November and December, but the attacks resumed just before Christmas. An average of 13% of all traffic to “.ua”, between February 2022 and February 2023 was mitigations of potential attacks. The following graph provides a comprehensive view of DDoS application layer attacks on “.ua” sites:

One year of war in Ukraine: Internet trends, attacks, and resilience

Moving on to types of mitigations of product groups that were used (related to “.ua” sites), as seen in the next chart, around 57% were done by the ruleset which automatically detects and mitigates HTTP DDoS attacks (DDoS Mitigation), 31% were being mitigated by firewall rules put in place (WAF), and 10% were blocking requests based on our IP threat reputation database (IP Reputation).

One year of war in Ukraine: Internet trends, attacks, and resilience

It’s important to note that WAF rules in the graph above are also associated with custom firewall rules created by customers to provide a more tailored protection. “DDoS Mitigation” (application layer DDoS protection) and “Access Rules” (rate limiting) are specifically used for DDoS protection.

In contrast to the first graph shown in this section, which looked at mitigated attack traffic targeting Ukraine, we can also look at mitigated attack traffic originating in Ukraine. The graph below also shows that the share of mitigated traffic from Ukraine also increased considerably after the invasion started.

One year of war in Ukraine: Internet trends, attacks, and resilience

Top attacked industries: from government to news media

The industries sectors that had a higher share of WAF mitigations were government administration, financial services, and the media, representing almost half of all WAF mitigations targeting Ukraine during 2022.

Looking at DDoS attacks, there was a surge in attacks on media and publishing companies during 2022 in Ukraine. Entities targeting Ukrainian companies appeared to be focused on information-related websites. The top five most attacked industries in the Ukraine in the first two quarters of 2022 were all in broadcasting, Internet, online media, and publishing, accounting for almost 80% of all DDoS attacks targeting Ukraine.

In a more focused look at the type of websites Cloudflare has protected throughout the war, the next two graphs provide a view of mitigated application layer attacks by the type of “.ua” sites we helped to protect. In the first days of the war, mitigation spikes were observed at a news service, a TV channel, a government website, and a bank.

One year of war in Ukraine: Internet trends, attacks, and resilience

In July, spikes in mitigations we observed across other types of “.ua” websites, including food delivery, e-commerce, auto parts, news, and government.

One year of war in Ukraine: Internet trends, attacks, and resilience

More recently, in February 2023, the spikes in mitigations were somewhat similar to what we saw one year ago, including electronics, e-commerce, IT, and education websites.

One year of war in Ukraine: Internet trends, attacks, and resilience

12.6% of network-layer traffic was DDoS activity in Q1 2022

Network-layer (layer 3 and 4) traffic is harder to attribute to a specific domain or target because IP addresses are shared across different customers. Looking at network-level DDoS traffic hitting our Kyiv data center, we saw peaks of DDoS traffic higher than before the war in early March, but they were much higher in June and August.

One year of war in Ukraine: Internet trends, attacks, and resilience

In our Q1 2022 DDoS report, we also noted that 12.6% of Ukraine’s traffic was DDoS activity, compared with 1% in the previous quarter, a 1,160% quarter-over-quarter increase.

Several of our quarterly DDoS reports from 2022 include attack trends related to the war in Ukraine, with quarter over quarter interactive comparisons.

Network re-routing in Kherson

On February 24, 2022, Russian forces invaded Ukraine’s Kherson Oblast region. The city of Kherson was captured on March 2, as the first major city and only regional capital to be captured by Russian forces during the initial invasion. The Russian occupation of Kherson Oblast continued until Ukrainian forces resumed control on November 11, after launching a counteroffensive at the end of August.

On May 4, 2022, we published Tracking shifts in Internet connectivity in Kherson, Ukraine, a blog post that explored a re-routing event that impacted AS47598 (Khersontelecom), a telecommunications provider in Kherson Oblast. Below, we summarize this event, and explore similar activity across other providers in Kherson that has taken place since then.

On May 1, 2022, we observed a shift in routing for the IPv4 prefix announced by Ukrainian network AS47598 (Khersontelecom). During April, it reached the Internet through several other Ukrainian network providers, including AS12883 (Vega Telecom) and AS3326 (Datagroup). However, after the shift, its routing path now showed a Russian network, AS201776 (Miranda-Media), as the sole upstream provider. With traffic from KhersonTelecom passing through a Russian network, it was subject to the restrictions and limitations imposed on any traffic transiting Russian networks, including content filtering.

The flow of traffic from Khersontelecom before and after May 1, with rerouting through Russian network provider Miranda-Media, is illustrated in the chart below. This particular re-routing event was short-lived, as a routing update for AS47598 on May 4 saw it return to reaching the Internet through other Ukrainian providers.

One year of war in Ukraine: Internet trends, attacks, and resilience

As a basis for our analysis, we started with a list of 15 Autonomous System Numbers (ASNs) belonging to networks in Kherson Oblast. Using that list, we analyzed routing information collected by route-views2 over the past year, from February 1, 2022, to February 15, 2023. route-views2 is a BGP route collector run by the University of Oregon Route Views Project. Note that with respect to the discussions of ASNs in this and the following section, we are treating them equally, and have not specifically factored estimated user population into these analyses.

The figure below illustrates the result of this analysis, showing that re-routing of Kherson network providers (listed along the y-axis) through Russian upstream networks was fairly widespread, and for some networks, has continued into 2023. During the analysis time frame, there were three primary Russian networks that appeared as upstream providers: AS201776 (Miranda-Media), AS52091 (Level-MSK Ltd.), and AS8492 (OBIT Ltd.).

Within the graph, black bars indicate periods when the ASN effectively disappeared from the Internet; white segments indicate the ASN was dependent on other Ukraine networks as immediate upstreams; and red indicates the presence of Russian networks in the set of upstream providers. The intensity of the red shading corresponds to the percentage of announced prefixes for which a Russian network provider is present in the routing path as observed from networks outside Ukraine. Bright red shading, equivalent to “1” in the legend, indicates the presence of a Russian provider in all routing paths for announced prefixes.

One year of war in Ukraine: Internet trends, attacks, and resilience

In the blog post linked above, we referenced an outage that began on April 30. This is clearly visible in the figure as a black bar that runs for several days across all the listed ASNs. In this instance, AS47598 (KhersonTelecom) recovered a day later, but was sending traffic through AS201776 (Miranda-Media), a Russian provider, as discussed above.

Another Ukrainian network, AS49168 (Brok-X), recovered from the outage on May 2, and was also sending traffic through Miranda-Media. By May 4, most of the other Kherson networks recovered from the outage, and both AS47598 and AS49168 returned to using Ukrainian networks as immediate upstream providers. Routing remained “normal” until May 30. Then, a more widespread shift to routing traffic through Russian providers began, although it appears that this shift was preceded by a brief outage for a few networks. For the most part, this re-routing lasted through the summer and into October. Some networks saw a brief outage on October 17, but most stopped routing directly through Russia by October 22.

However, this shift away from Russia was followed by periods of extended outages. KhersonTelecom suffered such an outage, and has remained offline since October, except for the first week of November when all of its traffic routed through Russia. Many other networks rejoined the Internet in early December, relying mostly on other Ukrainian providers for Internet connectivity. However, since early December, AS204485 (PE Berislav Cable Television), AS56359 (CHP Melnikov Roman Sergeevich), and AS49465 (Teleradiocompany RubinTelecom Ltd.) have continued to use Miranda-Media as an upstream provider, in addition to experiencing several brief outages. In addition, over the last several months, AS25082 (Viner Telecom) has used both a Ukrainian network and Miranda-Media as upstream providers.

Internet resilience in Ukraine

In the context of the Internet, “resilience” refers to the ability of a network to operate continuously in a manner that is highly resistant to disruption. This includes the ability of a network to: (1) operate in a degraded mode if damaged, (2) rapidly recover if failure does occur, and (3) scale to meet rapid or unpredictable demands. Throughout the Russia-Ukraine conflict, media coverage (VICE, Bloomberg, Washington Post) has highlighted the work done in Ukraine to repair damaged fiber-optic cables and mobile network infrastructure to keep the country online. This work has been critically important to maintaining the resilience of Ukrainian Internet infrastructure.

According to PeeringDB, as of February 2023, there are 25 Internet Exchange Points (IXPs) in Ukraine and 50 interconnection facilities. (An IXP may span multiple physical facilities.) Within this set of IXPs, Autonomous Systems (ASes) belonging to international providers are currently present in over half of them. The number of facilities, IXPs, and international ASes present in Ukraine points to a resilient interconnection fabric, with multiple locations for both domestic and international providers to exchange traffic.

To better understand these international interconnections, we first analyze the connectivity of ASes in Ukraine, and we classify the links to domestic networks (links where both ASes are registered in Ukraine) and international networks (links between ASes in Ukraine and ASes outside Ukraine). To determine which ASes are domestic in Ukraine, we can use information from the extended delegation reports from the Réseaux IP Européens Network Coordination Centre (RIPE NCC), the Regional Internet Registry that covers Ukraine. We also parsed collected BGP data to extract the AS-level links between Ukrainian ASes and ASes registered in a different country, and we consider these the international connectivity of the domestic ASes.

A March 2022 article in The Economist noted that “For one thing, Ukraine boasts an unusually large number of internet-service providers—by one reckoning the country has the world’s fourth-least-concentrated Internet market. This means the network has few choke points, so is hard to disable.” As of the writing of this blog post, there are 2,190 ASes registered in Ukraine (UA ASes), and 1,574 of those ASes appear in the BGP routing table as active. These counts support the article’s characterization, and below we discuss several additional observations that reinforce Ukraine’s Internet resilience.

One year of war in Ukraine: Internet trends, attacks, and resilience

The figure above is a cumulative distribution function showing the fraction of domestic Ukrainian ASes that have direct connections to international networks. In February 2023, approximately 50% had more than one (100) international link, while approximately 10% had more than 10, and approximately 2% had 100 or more. Although these numbers have dropped slightly over the last year, they underscore the lack of centralized choke points in the Ukrainian Internet.

For the networks with international connectivity, we can also look at the distribution of “next-hop” countries – countries with which those international networks are associated. (Note that some networks may have a global footprint, and for these, the associated country is the one recorded in their autonomous system registration.) Comparing the choropleth maps below illustrates how this set of countries, and their fraction of international paths, have changed between February 2022 and February 2023. The data underlying these maps shows that international connectivity from Ukraine is distributed across 18 countries — unsurprisingly, mostly in Europe.

One year of war in Ukraine: Internet trends, attacks, and resilience

In February 2022, these countries/locations accounted for 77% of Ukraine’s next-hop international paths. The top four all had 7.8% each. However, in February 2023, the top 10 next-hop countries/locations dropped slightly to 76% of international paths. While just a slight change from the previous year, the set of countries/locations and many of their respective fractions saw considerable change.

February 2022 February 2023
1 Germany 7.85% Russia 11.62%
2 Netherlands 7.85% Germany 11.43%
3 United Kingdom 7.83% Hong Kong 8.38%
4 Hong Kong 7.81% Poland 7.93%
5 Sweden 7.77% Italy 7.75%
6 Romania 7.72% Turkey 6.86%
7 Russia 7.67% Bulgaria 6.20%
8 Italy 7.64% Netherlands 5.31%
9 Poland 7.60% United Kingdom 5.30%
10 Hungary 7.54% Sweden 5.26%

Russia’s share grew by 50% year to 11.6%, giving it the biggest share of next-hop ASes. Germany also grew to account for more than 11% of paths.

One year of war in Ukraine: Internet trends, attacks, and resilience

Satellite Internet connectivity

Cloudflare observed a rapid growth in Starlink’s ASN (AS14593) traffic to Ukraine during 2022 and into 2023. Between mid-March and mid-May, Starlink’s traffic in the country grew over 530%, and continued to grow from mid-May up until mid-November, increasing nearly 300% over that six-month period — from mid-March to mid-December the growth percentage was over 1600%. After that, traffic stabilized and even dropped a bit during January 2023.

One year of war in Ukraine: Internet trends, attacks, and resilience

Our data shows that between November and December 2022, Starlink represented between 0.22% and 0.3% of traffic from Ukraine, but that number is now lower than 0.2%.

One year of war in Ukraine: Internet trends, attacks, and resilience


One year in, the war in Ukraine has taken an unimaginable humanitarian toll. The Internet in Ukraine has also become a battleground, suffering attacks, re-routing, and disruptions. But it has proven to be exceptionally resilient, recovering time and time again from each setback.

We know that the need for a secure and reliable Internet there is more critical than ever. At Cloudflare, we’re committed to continue providing tools that protect Internet services from cyber attack, improve security for those operating in the region, and share information about Internet connectivity and routing inside Ukraine.

Cyberattacks on Holocaust educational websites increased in 2022

Post Syndicated from Omer Yoachimik original https://blog.cloudflare.com/cyberattacks-on-holocaust-educational-websites-increased-in-2022/

Cyberattacks on Holocaust educational websites increased in 2022

Cyberattacks on Holocaust educational websites increased in 2022

Today we mark the International Holocaust Remembrance Day. We commemorate the victims that were robbed of their possessions, stripped of their rights, deported, starved, dehumanized and murdered by the Nazis and their accomplices. During the Holocaust and in the events that led to it, the Nazis exterminated one third of the European Jewish population. Six million Jews, along with countless other members of minority and disability groups, were murdered because the Nazis believed they were inferior.

Seventy eight years later, after the liberation of the infamous Auschwitz death camp, antisemitism still burns with hatred. According to a study performed by the Campaign Against Antisemitism organization on data provided by the UK Home Office, Jews are 500% more likely to be targeted by hate crime than any other faith group per capita.

Cyberattacks targeting Holocaust educational websites

From Cloudflare’s vantage point we can point to distressing findings as well. In 2021, cyberattacks on Holocaust educational websites doubled year over year. In 2021, one out of every 100 HTTP requests sent to Holocaust educational websites behind Cloudflare was part of an attack. In 2022, the share of those cyber attacks grew again by 49% YoY. Cyberattacks represented 1.6% of all traffic to Holocaust educational websites (almost 1 out of every 50 HTTP requests), as can be seen in the chart below in 2022.

We’re representing cyberattacks as a percentage to normalize natural growth of traffic to websites, mitigation methods and other potential data biases. But even if we look at the raw numbers, between 2021 and 2022, the absolute cyberattack traffic (in HTTP requests) that targeted Holocaust education websites behind Cloudflare grew by 640% in contrast to the total growth of 397% in the number of all requests (attack and non-attack HTTP requests).

Cyberattacks on Holocaust educational websites increased in 2022
Share of cyberattack targeting Holocaust education websites

(Please note that the graph starts in 95% in order to provide better visibility into the share of attacks)

The threat that Holocaust educational websites face is one that many other non-profit organizations face. In fact, in our most recent DDoS Trends report, non-profit organizations were the sixth most targeted industry. Ten percent of all traffic to non-profit websites behind Cloudflare was DDoS attack traffic.

Cyberattacks on Holocaust educational websites increased in 2022
Top industries targeted by HTTP DDoS attacks in 2022 Q4

However, nonprofits such as Holocaust educational organizations might not always have the resources to fend off attacks. For this reason, we provide free protection to at-risk groups across the world. We do this through Project Galileo. It helps keep vulnerable websites online. It provides free cyber security services for groups working in the arts, human rights, civil society, journalism, or democracy. As detailed in our recent Impact Report, in 2022, through Project Galileo, we protected vulnerable websites from an average of 59M cyber threats every day.

If you’re representing a vulnerable public interest group and want to protect your website with Project Galileo, please follow the steps and apply here. While you wait to hear back, you can also get started with our Free plan.

Cyberattacks on Holocaust educational websites increased in 2022

At Cloudflare, we remember and never forget.

Here at Cloudflare, some of us are descendants of Holocaust survivors. My grandparents escaped Nazi-occupied Poland after the German invasion. Sadly, my grandparents — as other elderly survivors, have already passed. I grew up hearing about their stories of bravery — and of deep torment. It’s not always easy to hear these stories, but we must — especially in times like these when war in Europe has been ongoing for almost a year now. We have the responsibility to ensure the world remembers and never forgets the atrocities of the Holocaust and what antisemitism, racism and hatred in general can lead to.

To this extent, a few months ago, here at the Cloudflare London office, we had the honor of hosting Janine Webber, recipient of the British Empire Medal (BEM) in an event hosted by Judeoflare, Cloudflare’s Jewish employee resource group. The event was made possible due to our partnership with the Holocaust Education Trust. And so in a fully packed auditorium and an oversubscribed Zoom call, we listen to Janine’s story of survival and bravery first hand. We asked questions and we learned.

We’re privileged to be able to share her story here with all of you via Cloudflare TV.

Watch on Cloudflare TV

Democratizing access to Zero Trust with Project Galileo

Post Syndicated from Jocelyn Woolbright original https://blog.cloudflare.com/democratizing-access-to-zero-trust-with-project-galileo/

Democratizing access to Zero Trust with Project Galileo

Democratizing access to Zero Trust with Project Galileo

Project Galileo was started in 2014 to protect free expression from cyber attacks. Many of the organizations in the world that champion new ideas are underfunded and lack the resources to properly secure themselves. This means they are exposed to Internet attacks aimed at thwarting and suppressing legitimate free speech.

In the last eight years, we have worked with 50 partners across civil society to onboard more than 2,000 organizations in 111 countries to provide our powerful cyber security products to those who work in sensitive yet critical areas of human rights and democracy building.

New security needs for a new threat environment

As Cloudflare has grown as a company, we have adapted and evolved Project Galileo especially amid global events such as COVID-19, social justice movements after the death of George Floyd, the war in Ukraine, and emerging threats to these groups intended to silence them. Early in the pandemic, as organizations had to quickly implement work-from-home solutions, new risks stemmed from this shift.

In our conversations with partners and participants, we noticed a theme. The digital divide in terms of cyber security products on the market and the “one size fits all” model mean that only large enterprises with a dedicated security team and extensive budgets have the ability to keep their internal resources and data secure. For Project Galileo, we work with a range of organizations that vary in size, internal capacity, and technical expertise. Especially since many of these groups rely on their online presence to collect donations, organize volunteers, and promote their mission, one size fits all security products do not match the needs and expertise for these groups.

Announcing new Zero Trust tools for Project Galileo participants

With this, we have extended our Zero Trust products to all domains under Project Galileo, as we want organizations to have access to Enterprise-level cyber security products no matter their size and budgets. Zero Trust security means that no one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to resources on the network. This allows organizations of any size to solve the common security problems such as data loss, malware and phishing so these organizations can focus on their unique missions.

For Impact Week, we are excited to share how Project Galileo participants and partners use Cloudflare’s Zero Trust products to keep their operations running smoothly.

CyberPeace Institute

Democratizing access to Zero Trust with Project Galileo

We started partnering with the CyberPeace Institute for Project Galileo in 2022. As part of our partnership, we have worked to provide our cyber security services to at-risk organizations around the world.

Established in 2019, the CyberPeace Institute is an independent and neutral nongovernmental organization, headquartered in Switzerland, whose mission is to ensure the rights of people to security, dignity and equity in cyberspace. The Institute works in close collaboration with relevant partners to reduce the harms from cyberattacks on people’s lives worldwide. By analyzing cyberattacks, the Institute exposes their societal impact, how international laws and norms are being violated, and advances responsible behavior to enforce cyberpeace.
Since our partnership, we’ve been working to onboard their organization to Cloudflare Zero Trust, to secure critical applications and protect employees from online threats.

“The CyberPeace Institute works with humanitarian non-governmental organizations (NGOs) to protect their operations and build their cyber capabilities, data and resources in an increasingly complex digital environment. Both the Institute and Cloudflare share a core motivation to ensure the rights of people to security, dignity and equity in cyberspace. This alignment gives us confidence that Cloudflare is the right strategic partner as we evolve with our mission. We are grateful for the support of Project Galileo” stated Stéphane Duguin, Chief Executive Officer, CyberPeace Institute.

The Information Technology Disaster Resource Center

Democratizing access to Zero Trust with Project Galileo

The Information Technology Disaster Resource Center is a nonprofit composed of thousands of service oriented technical professionals and private sector partners that assist in disaster response operations in the United States. These teams train and work in collaboration with NGOs and first responders to deliver emergency communications and technical solutions to aid communities in crisis. ITDRC provides connectivity, Wi-Fi hotspots, cell phone charging stations, and Internet-enabled computers for shelters, fire camps, and community recovery. A key part of their mission is to leverage technology to connect survivors and responders amid crises.

ITDRC started using Cloudflare in 2020 when they were accepted to Project Galileo. Since then, they have implemented many Zero Trust products to secure their volunteers and employees.

Chris Hillis, Co-founder at ITDRC says, “Cloudflare Zero Trust is essential to securing our employees, volunteers, and disaster survivors on site and in the field. Cloudflare delivers secure, reliable, and fast connectivity to the Internet and critical applications that our teams need to respond to disasters effectively. Setting up policies has been simple for our administrators, and our team benefits from a safer, faster experience, whether accessing internally hosted applications, or the broader Internet. With Cloudflare Access, we are able to ensure that team members receive a consistent user experience accessing internal applications based on their role, all while utilizing our existing identity provider and securing our infrastructure. Utilizing Cloudflare Gateway adds an additional layer of security to our networks and devices, helping to protect our users from external threats, and themselves.”


Democratizing access to Zero Trust with Project Galileo

Meedan is a global technology not-for-profit that builds software and programmatic initiatives to strengthen journalism, digital literacy, and accessibility of information online and off. They develop open-source tools for creating and sharing context on digital media through crowdsourcing, annotation, verification, archival, and translation. Their projects span issues including election monitoring, pandemic response, and human rights documentation.

Aaron Huslage, Director of Systems and Security at Meedan says, “Meedan and Cloudflare both share a vision of a more equitable, safer Internet. We were proud to be a founding member of Project Galileo in 2014 and support the work that program has done to protect Human Rights Defenders around the world. Closer to home Cloudflare helps our employees be more secure and productive when creating and distributing our open source software.”

Organization of American States

Democratizing access to Zero Trust with Project Galileo

The Organization of American States is the world’s oldest regional organization, dating back to the First International Conference of American States, held in Washington, D.C., from October 1889 to April 1890. Its 35 members focus on four main pillars — democracy, human rights, security, and development. It serves as a home for multilateral dialogue on topics such as the rights of indigenous peoples, territorial disputes, and regional goals for education.

“The partnership with Cloudflare will help the Organization of American States (OAS) democratize best-in-class security to modernize and strengthen our internal cybersecurity posture with a Zero Trust approach, delivered in the cloud, without sacrificing our workforce performance.” Andrew Vanjani, OAS Chief Information Officer.

How do I get started?

First, we want to thank all of our civil society partners that we work alongside to offer Cloudflare protection and work with us to extend even more products to organizations around the world. If you are an organization looking for protection under Project Galileo, please visit our website: cloudflare.com/galileo.

Cloudflare Zero Trust for Project Galileo and the Athenian Project

Post Syndicated from Sam Rhea original https://blog.cloudflare.com/cloudflare-zero-trust-for-galileo-and-athenian/

Cloudflare Zero Trust for Project Galileo and the Athenian Project

This post is also available in 日本語, Deutsch, Français, Español.

Cloudflare Zero Trust for Project Galileo and the Athenian Project

The organizations served by Projects Galileo and Athenian face the same security challenges as some of the world’s largest companies, but lack the budget to protect themselves. Sophisticated phishing campaigns attempt to compromise user credentials. Bad actors find ways to disrupt connectivity to critical resources. However, the tools to defend against these threats have historically only been available to the largest enterprises.

We’re excited to help fix that. Starting today, we are making the Cloudflare One Zero Trust suite available to teams that qualify for Project Galileo or Athenian at no cost. Cloudflare One includes the same Zero Trust security and connectivity solutions used by over 10,000 customers today to connect their users and safeguard their data.

Same problem, different missions

Athenian Project candidates work to safeguard elections in the United States. Project Galileo applicants launched their causes to support journalists, encourage artistic expression, or protect persecuted groups. They each set out to fix difficult and painful problems. None of the applications to our programs wrote their mission statement to deal with phishing attacks or internal data loss.

However, security problems plague these teams. Instead of being able to focus on their unique mission, these groups spend money, time, and energy attempting to defend from attacks. The headaches range from expensive distractions to outright breaches. Even the mundane work to connect employees to important tools continues to be a headache. Every chore or incident takes away from the ability of these organizations to advance their cause.

We built Cloudflare One to solve the common security problems that can derail any team. Our mission is to help build a better Internet and, in doing so, we create tools that allow the groups served by the Athenian Project and Project Galileo spend as much of their day solving their own unique challenges.

The products we are making available today provide security against a broad, and growing, range of attacks that target how a team works together on the Internet. Project Galileo and Athenian candidates can choose to start in any place depending on their existing security challenges. If you need a guide on where to get started, we’ve broken down three common first steps that we recommend.

1) Stop phishing attacks

Many phishing attacks start with a malicious link buried in a single email from a sender that seems trustworthy. A user in your organization clicks on that link, believing it to be from a teammate or manager, and lands on a website that looks almost identical to your identity provider or one of the web applications they use every day. They input their username and password, sending their credentials directly to the attacker.

Cloudflare One’s email security, our Area 1 product, is our first line of phishing defense. Area 1 scans the emails headed to your organization for the presence of potential phishing campaigns and other types of security attacks. Malicious messages never arrive without interrupting the emails that your team should receive. You can deploy Area 1 in minutes with a few changes to your DNS records to safeguard your Microsoft 365, Gmail, or nearly any other email deployment.

As part of today’s announcement, we are making Area 1 available to Project Galileo and Athenian organizations at no cost. The same level of protection trusted by large corporations from Werner Enterprises to Fortune 500 consumer packaged goods firms is now available to your team.

In some cases, an email evades detection or the phishing link reaches your users through other channels. Cloudflare One can still help. When your team members navigate the Internet, they rely on DNS queries made by their device in order to translate the hostname of a website to the IP address of the server. Their device sends those queries to a DNS resolver.

Cloudflare runs the world’s fastest DNS resolver,, and we offer a security version that also filters DNS queries made to destinations that are known to be malicious. If a user accidentally clicks on a link from a text message or in a website, their device first sends that DNS query to Cloudflare. If dangerous, we stop the query before the malicious destination can load. If benign, we’ll respond with the destination faster than other resolvers.

Cloudflare’s DNS filtering keeps the US Federal Government safe, but can be deployed by teams of any size. You can secure entire office networks with the change of one router setting or deploy our roaming agent to keep your users safe wherever they work. Together with email protection, your team can filter out phishing attacks in a defense-in-depth approach.

2) Connect employees and partners

Many teams that qualify for Project Galileo had to find ways to work across geographies long before the pandemic sent employees home from other companies. These teams typically deployed a legacy virtual private network (VPN) to allow team members from across the world to reach the tools they needed to collect data, file stories, or submit research. At best, those VPN deployments slowed down user connectivity and introduced maintenance headaches. At worst, they gave anyone on the network overly broad access to nearly any resource.

With Cloudflare One, your team can operate in any location and still reach your internal tools while controlling exactly who can access which application or service. Organizations that need to operate a traditional private network can run one on Cloudflare by deploying our device client (WARP) on user endpoints and establishing outbound connections to our global network via Cloudflare Tunnel. Users enjoy the performance and availability of Cloudflare’s network while administrators can build granular permissions without the need for additional application development.

We also know that many Galileo and Athenian organizations work alongside hundreds or thousands of partners and volunteers. Those users need to also reach internal resources but are not willing or able to install software on their personal devices.

To solve that challenge, Cloudflare One can be deployed in a fully clientless mode that can use multiple identity providers including consumer options like Google, Facebook, and LinkedIn. Users authenticate with the single-sign on option they already use from any mobile or desktop device. Administrators control which users can reach specific applications while logging every attempt.

3) Secure your team’s path to the Internet

Beyond phishing attacks, bad actors target organizations with other types of threats like malware hidden in downloads. Researchers and journalists exploring a topic with untrusted sources can bring ransomware back into the entire organization. Team members connecting to the Internet from a hotel Wi-Fi network can have unencrypted DNS queries monitored and reported.

Cloudflare One provides every member of your team with an encrypted, secured on-ramp to the entire Internet. Powered by the same Cloudflare WARP agent that helps millions of users enjoy a more private Internet connection, Cloudflare’s Secure Web Gateway filters all Internet-bound for hidden threats.

When users inadvertently connect to a malicious destination, Cloudflare One will block the attempt and present them with a page explaining what just happened. In the other direction, Cloudflare’s network scans downloads for malware and blocks the download before the user can open it.

The same filtering can be extended to keep sensitive data from leaving your organization. You can build rules that flag file uploads that contain personal information or patterns that are unique to your team or focus area. With just a few clicks, you can create policies that prevent the accidental or malicious loss of data while also restricting uploads to approved destinations.

All without the need for an enterprise IT department

Today’s announcement makes the security technology deployed by the world’s largest enterprises available to organizations of any size. And, despite the broad impact of Athenian and Galileo organizations, that size tends to be smaller.

The teams supported by Project Galileo focus limited resources on advancing journalism, artistic expression, human rights, and other causes. The state and local governments who qualify for the Athenian Project spend their days protecting democracy in the United States. Both groups tend to lack the resources of a Fortune 500 to staff and operate a large IT department.

We built Cloudflare One as a service that a team could configure and deploy in a matter of hours and still benefit from comprehensive Zero Trust security. We’ve published a Zero Trust Roadmap that your team can use to determine how to get started with guidelines for the time required at each step.

How to get started

We’re excited to extend Projects Galileo and Athenian to include Cloudflare One. Are you an existing qualified organization or interested in applying? Follow the link here and here to get started.

If you are not part of Project Galileo or Athenian, but still want to begin deploying Cloudflare One, we make the service available at no cost to teams of up to 50 users. Click here to sign up.

A new portal for Project Galileo participants

Post Syndicated from Andie Goodwin original https://blog.cloudflare.com/a-new-portal-for-project-galileo-participants/

A new portal for Project Galileo participants

This post is also available in 日本語, Deutsch, Français, Español and Português.

A new portal for Project Galileo participants

Each anniversary of Project Galileo serves as an impetus for big-picture thinking among the Cloudflare team about where to take the initiative next. For this eighth anniversary, we want to help participants get the most out of their free security and performance services and simplify the onboarding process.

Organizations protected under Galileo are a diverse bunch, with 111 countries represented across 1,900+ web domains. Some of these organizations are very small and sometimes operated solely by volunteers. It is understandable that many do not have IT specialists or other employees with technical knowledge about security and performance capabilities. We strive to give them the tools and training to succeed, and we felt it was imperative to take this effort to a new level.

Introducing the Cloudflare Social Impact Projects Portal

To provide Galileo participants with one place to access resources, configuration tips, product explainers, and more, we built the Cloudflare Social Impact Projects Portal.

The crisis in Ukraine was a key source of inspiration for this endeavor. With overall applications for the project skyrocketing by 177% in March 2022, we were rushing to onboard new participants and get them protected from devastating attacks online. The invasion has sparked conversations among our team about how to effectively communicate the wide variety of products available under the project, get groups onboarded more quickly, and make the process easier for those who speak English as a second language.

With this portal, we hope to accomplish all of these goals across all Cloudflare Impact programs. In addition to Project Galileo, which protects groups that might otherwise be in danger of being silenced by attacks, we also have:

Helping participants on their Cloudflare journey

With the help of numerous volunteers among the Cloudflare team, we are launching the portal with the following resources:

  • New engineer-led video walkthroughs on setting up security and performance tools
  • Quick summaries of technical terms, including DNS lookups, web application firewalls, caching, and Zero Trust
  • Resources for support and troubleshooting

Throughout the portal, we have included links to our Learning Center, developer docs, and Help Center so participants can get user-friendly explanations of terminology and troubleshooting tips.

What’s ahead

Since we started Project Galileo back in 2014, we have routinely added new products and tools to the program as Cloudflare innovates in new areas and as participants’ security, performance, and reliability needs change. We are now working toward adding more Zero Trust capabilities within Project Galileo.

For more information about Project Galileo, check out our other 8th anniversary blog posts:

In Ukraine and beyond, what it takes to keep vulnerable groups online

Post Syndicated from Jocelyn Woolbright original https://blog.cloudflare.com/in-ukraine-and-beyond-what-it-takes-to-keep-vulnerable-groups-online/

In Ukraine and beyond, what it takes to keep vulnerable groups online

This post is also available in 日本語, Deutsch, Français, Español, Português.

In Ukraine and beyond, what it takes to keep vulnerable groups online

As we celebrate the eighth anniversary of Project Galileo, we want to provide a view into the type of cyber attacks experienced by organizations protected under the project. In a year full of new challenges for so many, we hope that analysis of attacks against these vulnerable groups provides researchers, civil society, and targeted organizations with insight into how to better protect those working in these spaces.

For this blog, we want to focus on attacks we have seen against organizations in Ukraine, including significant growth in DDoS attack activity after the start of the conflict. Within the related Radar dashboard, we do a deep dive into attack trends against Project Galileo participants in a range of areas including human rights, journalism, and community led non-profits.

To read the whole report, visit the Project Galileo 8th anniversary Radar Dashboard.

Understanding the Data

  • For this dashboard, we analyzed data from July 1, 2021 to May 5, 2022 from 1,900 organizations from around the world that are protected under the project.
  • For DDoS attacks, we classify this as traffic that we have determined is part of a Layer 7 (application layer) DDoS attack. Such attacks are often malicious floods of requests designed to overwhelm a site with the intention of knocking it offline. We block the requests associated with the attack, ensuring that legitimate requests reach the site, and that it stays online.
  • For traffic mitigated by the web application firewall, this is traffic that was determined to be malicious and was blocked by Cloudflare’s firewall. We provide free Business level services under Project Galileo, and our WAF is one of the valuable tools used to mitigate attempts to exploit vulnerabilities intended to gain unauthorized access to an organization’s online application.
  • For graphs that represent changes in traffic or domains under Project Galileo, we are using the average daily traffic (number of requests) of the first two weeks of July 2021 as the baseline.

Highlights of past year

  • We continue to see cyberattack activity increase, with nearly 18 billion attacks between July 2021 and May 2022. This is an average of nearly 57.9 million cyberattacks per day over the last nine months, an increase of nearly 10% over last year.
  • Mitigated DDoS traffic targeting organizations in Ukraine reached as much as 90% of total traffic during one significant attack in April.
  • After the war in Ukraine started, applications to the project increased by 177% in March 2022.
  • Journalism and media organizations in Europe and the Americas saw traffic grow ~150% over the last year.
  • We see a range of unsophisticated cyberattacks against organizations that work in human rights and journalism. Up to 40% of WAF mitigated requests were classified as HTTP Anomalies, the largest of any WAF rule type, a type of attack that can be damaging to unprotected organizations but is automatically blocked by Cloudflare.
  • From July 2021 to May 2022, organizations based in Europe consistently accounted for half to two-thirds of request traffic out of all the regions covered under the project.

Global Coverage of Project Galileo

In Ukraine and beyond, what it takes to keep vulnerable groups online

Protecting organizations in Ukraine

As the war started in Ukraine, we saw an increase in applications for participation in Project Galileo from organizations looking for our assistance. Many came in while under DDoS attack, but we also saw sites subject to large influxes of traffic from people on the ground in Ukraine attempting to access information due to the ongoing Russian invasion. While traffic from organizations in Ukraine was largely flat before the start of the war, since that time, traffic increases primarily have been driven by organizations that work in journalism and media.

In Ukraine and beyond, what it takes to keep vulnerable groups online

Ahead of the war, organizations that work in community building/social welfare, such as those who provide direct assistance to refugees, or provide donation platforms to support those in Ukraine were responsible for what little traffic that was mitigated by the web application firewall (WAF). However, after the war began, journalism organizations saw the most WAF-mitigated traffic, with frequent spikes, including one on March 13 representing 69% of traffic. During this period of increased WAF-mitigated requests that started in late February, the majority of the attacks were classified as SQLi. WAF mitigated traffic for human rights organizations increased in mid-March, growing to between 5-10% of traffic.

In Ukraine and beyond, what it takes to keep vulnerable groups online

Mitigated DDoS traffic for organizations in Ukraine was concentrated in the mid-March to May timeframe, with rapid growth in the percentage of traffic it represents. The first spikes were in the 20% range, but rapidly grew before receding, including an attack on April 19 that accounted for over 90% of traffic that day.

In Ukraine and beyond, what it takes to keep vulnerable groups online

Since the start of the war, growth in traffic from protected organizations has varied across the categories. Traffic among Health organizations increased by 20-30x over baseline between late March and later April. Setting aside attack spikes, traffic from Journalism organizations was generally up 3-4x over baseline. Growth in the other categories was generally below 3x.

In Ukraine and beyond, what it takes to keep vulnerable groups online

For traffic mitigated by the web application firewall (WAF), the most frequently applied rule was HTTP Anomaly, associated with 92% of requests. Requests for Web content (HTTP requests) have an expected structure, set of headers, and related values. Some attackers will send malformed requests, including anomalies like missing headers, unsupported request methods, using non-standard ports, or invalid character encoding. These requests are classified as “HTTP anomalies”. These anomalous requests are frequently associated with unsophisticated attacks, and are automatically blocked by Cloudflare’s WAF.

In Ukraine and beyond, what it takes to keep vulnerable groups online

With the ongoing war, we continue to onboard and provide protection to organizations in Ukraine and neighboring countries to ensure they have access to information. Any Ukrainian organizations that are facing attack can apply for free protection under Project Galileo by visiting www.cloudflare.com/galileo, and we will expedite their review and approval.

Attack methods based on region

Across the Americas, Asia Pacific, Europe, and Africa/Middle East regions, the largest fraction (28%) of mitigated requests were classified as “HTTP Anomaly”, with 20% of mitigated requests tagged as SQL injection attempts and nearly 13% as attempts to exploit specific CVEs. CVEs are publicly disclosed cybersecurity vulnerabilities. Cloudflare monitors new vulnerabilities and quickly determines which require additional rulesets to protect our users. Depending on the vulnerability, they can be sophisticated attacks but depend on the severity, identification and response by security professionals.

In our previous report, we identified similar attack trends with SQLi injection and HTTP anomalies, classified as User agent anomalies, making up a large part of mitigated requests.

In Ukraine and beyond, what it takes to keep vulnerable groups online

Attacks methods by on organization type

We protect a range of organizations under Project Galileo. For this dashboard, we categorized them in 6 groups: community building/social welfare, education, environmental/disaster relief, human rights and journalism. To help understand threats against these groups, we broke down the types of attacks we saw that were mitigated by the web application firewall. A majority of the mitigated traffic is from HTTP anomalies and SQLi (SQL injection).

SQLi is an attack technique designed to modify or retrieve data from SQL databases. By inserting specialized SQL statements into a form field, attackers attempt to execute commands that allow for the retrieval of data from the database, modification of data within the database, the destruction of sensitive data, or other manipulative behaviors.

In Ukraine and beyond, what it takes to keep vulnerable groups online

Learn more on the 8th Anniversary Radar DashboardSee the full report on attack trends we observed against a wide range of organizations protected under Project Galileo.

Let’s celebrate the 8th anniversary of Project Galileo!

Post Syndicated from Jocelyn Woolbright original https://blog.cloudflare.com/lets-celebrate-the-8th-anniversary-of-project-galileo/

Let’s celebrate the 8th anniversary of Project Galileo!

Let’s celebrate the 8th anniversary of Project Galileo!

We started Project Galileo in 2014 with the simple idea that organizations that work in vulnerable yet essential areas of human rights and democracy building should not be taken down because of cyber attacks. In the past eight years, this idea has grown to more than just keeping them secure from a DDoS attack, but also how to foster collaboration with civil society to offer more tools and support to these groups. In March 2022, after the war in Ukraine started, we saw an increase in applications to Project Galileo by 177%.

Read ahead for details on all of our eighth anniversary announcements:

  • Two new civil society partners helping choose participants
  • New insights on attack patterns using data from Cloudflare Radar
  • A portal designed to ease onboarding for Galileo participants
  • Details on our sessions at RightsCon this week
  • New case studies highlighting Galileo participants and the important work they are doing

Announcing two new Project Galileo partners

This year, we are excited to welcome two new partners, International Media Support and CyberPeace Institute. As we introduce new partners, we are able to expand the project to protect a range of groups on the Internet. With this, we currently protect 1,900+ organizations in 111 countries.

With almost three years working on Project Galileo at Cloudflare, I get a front row seat to how we use security tools to protect the most vulnerable on the Internet. From journalism groups in Brazil reporting on environmental issues to social justice organizations in the United States to activists in authoritarian countries, we see a range of voices that come to Cloudflare for protection.

The anniversary of the project is one of my favorite times of the year, as it gives us the opportunity to show the world a glimpse of what we see on a daily basis. With the anniversary, it also gives us time to reflect on lessons learned and how we can improve the project.

In a time of crisis, we engage with civil society on how to protect the most vulnerable

Let’s celebrate the 8th anniversary of Project Galileo!

One of the most important lessons we have learned about Project Galileo is that in a time of crisis, whether it be the spread of COVID-19 and shift to remote work or geopolitical conflicts, we are able to quickly mobilize to offer our assistance. One way we do this is to leverage our partnerships with civil society to offer our security tools and technical expertise to those who need help to keep their online platforms secure and reliable.

This became clear at the end of February 2022 and the start of the Russian invasion of Ukraine.

After the war in Ukraine started, applications to the project increased by 177% in March 2022. Since then, we onboarded 43 organizations in Ukraine to Project Galileo. In the region, we protect 116 organizations with 62 organizations onboarded to the project during the crisis, this includes organizations in Ukraine. Many of these organizations are working in journalism and reporting on the ground in Kyiv, human rights activists that are assisting refugees fleeing the country, and groups who have built applications to alert users of incoming air raids.

We have seen how partnerships between civil society, governments, and private sector companies have given us the ability to provide a swift response in providing support to Ukraine.

We see this in the form of donations of security services to ensure that people on the ground have access to information. There has been a focus on the conflict in Ukraine primarily on how to protect organizations that work in human rights. But, many civil society groups that have been working to provide assistance may have been overlooked in the digital security context. Many times, civil society does not get as many resources to protect themselves, and we strive to provide our services to human rights defenders, but also those who support them.

We have learned in the past few months that collaboration in a time of crisis is essential to responsibly provide our protections under the project. Any Ukrainian organizations that are facing attack can apply for free protection under Project Galileo by visiting www.cloudflare.com/galileo, and we will expedite their review and approval.

What to expect for the 8th anniversary of Project Galileo

Radar dashboard

Let’s celebrate the 8th anniversary of Project Galileo!

For the Project Galileo 8th anniversary, we wanted to identify the types of attacks these groups face to better equip researchers, civil society, and organizations that are targeted with best practices for safeguarding their websites and internal data.

We created a Radar dashboard to focus on attacks against organizations in areas such as human rights, journalism, and community building groups. We onboarded a range of organizations in Ukraine and neighboring countries during the ongoing Russian invasion.

Learn more about the attacks we see against vulnerable groups protected under Project Galileo with an additional blog post and Radar dashboard tomorrow.

Social Impact Portal

Let’s celebrate the 8th anniversary of Project Galileo!

Project Galileo has grown to support more than 1,900 organizations. These organizations typically fall into two categories. The first are organizations that are familiar with the security landscape and the Cloudflare tools they need to keep their organization secure. The second, which is a majority of organizations we protect under the project, are not familiar with the threat landscape and do not have a dedicated IT staff.

We know too well that organizations that work to support democracy, accountability, and human rights face an increased rate of cyber attacks because of the sensitive nature of their work. Many times, organizations come to Cloudflare because they come under a cyber attack and need our help with mitigation and getting back online. Unfortunately, we see applications like this come in every day for Project Galileo.

With this, we wanted to create a new resource to help these organizations on their Cloudflare journey. We are proud to release a new centralized area that organizations protected under our many projects can turn to when they have questions about configurations, product requests, and training on how to keep their organization secure. With tailored videos on security products with a focus on Cloudflare Zero Trust products, we are excited to offer more resources to organizations with very little or no dedicated IT staff, to ensure they stay online and secure from cyber attacks.

Learn more about our Cloudflare Social Impact Project portal and how we built this specifically for organizations protected under our Cloudflare Impact projects this week.

RightsCon 2022

Let’s celebrate the 8th anniversary of Project Galileo!

Every year, Cloudflare sponsors Access Now’s RightsCon. RightsCon brings together a broad range of civil society groups and business and public sector stakeholders to talk and learn about digital rights issues. With topics including Internet shutdowns, digital security, privacy, and surveillance, it has it all for a great week of engaging with a range of players in the digital rights space.

This year, we are participating in a variety of events, but particularly excited about a community lab we are hosting with partner organizations like National Democratic Institute, Internews, CyberPeace Institute, and Okta. The session is focused on tools available for at-risk organizations and to learn more on how the private sector and civil society can improve security resources. We’ve learned in the last few years of Project Galileo that we are one part of the broader ecosystem. When it comes to providing tools to organizations, it is important to work together with the many players to find the best way to support organizations online and offline. We hope this session will generate further ideas on how we can work closely with others  and earn more on how organizations view security resources.

If you plan to attend RightsCon, please check out our session on Wednesday, June 8, at 12:30 pm ET. More information can be found on the RightsCon website.

Case Studies

Let’s celebrate the 8th anniversary of Project Galileo!

As we celebrate the anniversary, we want to highlight many of the organizations protected under the project and how they keep their organization secure from cyber attacks. We value organizations that want to tell their story of the amazing work they do in human rights and community building and how they stay online with Cloudflare. Our goal with telling their stories is to encourage others who may work in similar spaces to take advantage of security tools available to them. Case studies also help other organizations that may be new to the project.

Check out some of their stories on how they use Project Galileo to stay secure from cyber attacks.

If you are an organization looking for protection

As we kick off the 8th anniversary of Project Galileo, we want to thank all of our civil society partners that we work alongside to offer Cloudflare protection. If you are an organization looking for protection under Project Galileo, please visit our website: cloudflare.com/galileo.

The deluge of digital attacks against journalists

Post Syndicated from Andie Goodwin original https://blog.cloudflare.com/the-deluge-of-digital-attacks-against-journalists/

The deluge of digital attacks against journalists

“A free press can, of course, be good or bad, but, most certainly without freedom, the press will never be anything but bad.”
Albert Camus

The deluge of digital attacks against journalists

Since its founding in 1993, World Press Freedom Day has been a time to acknowledge the importance of press freedom and call attention to concerted attempts to thwart journalists’ essential work. That mission is also embedded in the foundations of our Project Galileo, which has a goal of protecting free expression online — after the war in Ukraine started, applications to the project increased by 177% in March 2022 alone.

In Uruguay today, UNESCO’s World Press Freedom Day Global Conference is underway, with a 2022 theme of “Journalism under Digital Siege.”

It is a fitting and timely theme.

While the Internet has limitless potential to make every person a publisher, bad actors — both individuals and governments — routinely deploy attacks to silence free expression. For example, Cloudflare data illustrate a trend of increased cyber attacks since the invasion of Ukraine, and journalists are frequent targets. Covering topics such as war, government corruption, and crime makes journalists vulnerable to aggression online and offline. Beyond the issue of cyber attacks, Russian authorities’ decision to block websites they find objectionable has hindered citizens’ ability to access news.

The UNESCO report Threats that Silence: Trends in the Safety of Journalists spotlights the methods that criminals use to interfere with press freedom, including hacking (such as to steal confidential data) and digital attacks (one example is DDoS attacks to overwhelm a site with traffic).

Traffic spikes and news cycles

Web traffic closely follows world events, and sudden increases in interest in a topic can leave sites struggling to adjust. For example, during and after the Oscars, movie news sites like Variety and The Hollywood Reporter see drastic changes in traffic. This year, the day after the Oscars, DNS requests rose to 1,200% more than usual.

We spot the same trend during elections. As polling stations closed for the recent French presidential race, traffic to news sites rose 142% while citizens tracked results.

In wartime, ensuring the availability of a wide variety of news sources is vital so that citizens can access information relevant to their safety. In an April blog post, we highlighted Russian authorities’ decisions to block news websites. Meanwhile, traffic to several Western media outlets rose as Russian citizens sought out international sources.

Take a look at the DNS traffic from Russia to one well-known US newspaper:

The deluge of digital attacks against journalists

DNS traffic from Russia for a large French news source also grew enormously:

The deluge of digital attacks against journalists

Keeping journalists online

As previously discussed on our blog, Project Galileo was born from a mistake we made during the Russian invasion of Crimea in 2014. Because of an attack, we stopped proxying traffic of an independent newspaper in Ukraine that had been covering the ongoing Russian invasion, and the site went offline. That day prompted reflection on how we could truly live up to our mission to help build a better Internet.

Particularly during wartime, news publishers need proper resources to prevent bad actors from knocking websites offline and to manage traffic spikes. As part of Project Galileo, we provide free security and performance services to journalists, humanitarian groups, and civil rights organizations around the world. Independent media and journalism organizations make up a majority of the domains protected under the project.

The number of cyber attacks on journalists is staggering. When we examined traffic data last year, we found that journalism and media sites protected under Project Galileo are subject to over 30 million cyber attacks per day.

To identify candidates for participation in Project Galileo, we partner with dozens of free speech, public interest, and civil society organizations, including Fourth Estate, Free Press, Reporters Sans Frontières, and Institute for War & Peace Reporting.

According to W. Jeffrey Brown, founder of Fourth Estate, “The right to freedom of expression and information is an essential element of free and democratic societies. Historically, times of war and conflict are rife with weaponized misinformation, disinformation, and propaganda. The work of the free press is essential in providing people with accurate, timely, and trustworthy information: news that saves lives and property and shines a light on war crimes and human rights abuses.”

Get to know Project Galileo participants

Since many of these organizations are particularly vulnerable and subject to backlash, we do not publicly discuss participants unless we receive explicit permission. We also have never removed an organization from protection in the face of political pressure.

Below are some journalism-related organizations that have agreed to publicly talk about their participation. Check out these case studies to see what makes journalism in the digital era so challenging:

How to join Project Galileo

Applications to Project Galileo have skyrocketed since the invasion began, with many coming from organizations within Ukraine and neighboring countries. We are rapidly onboarding sites dedicated to journalism, human rights, and nonprofits that are organizing refugee efforts.

Know a site that could use our help? Public interest groups can quickly apply online, and we engage our partners to identify the at-risk websites that can benefit from the project.

Organizations spotlighting chilling effects and on-the-job dangers

Our Project Galileo partners are excellent resources for understanding the challenges journalists face, both in Ukraine and the rest of the world. Here are a few examples:

  • Committee to Protect Journalists: Examine data on the deadly risks for journalists; CPJ finds that at least 27 journalists were killed in 2021 because of their work.
  • Access Now: Get security tips and view regular updates on how the invasion of Ukraine is affecting freedom of expression online.
  • Reporters Sans Frontières: View the interactive 2021 World Press Freedom Index. It incorporates criteria including media independence, transparency, and legislative frameworks.
  • Institute for War & Peace Reporting: Learn about the dangers of covering the war in Ukraine.
  • Center for International Media Assistance: See how news outlets are leveraging encrypted messaging apps to reach audiences in developing countries and emerging democracies.
  • Council of Europe: Read the new annual report by the Council of Europe Platform for the Protection of Journalism and the Safety of Journalists; it notes that 2021 was the deadliest year for journalists in Europe since 2015.

Coming up

The eighth anniversary of Project Galileo is just weeks away. Stay tuned for case studies highlighting new and long-time participants as well as updated data from Cloudflare Radar. And for a look back at 2021 highlights from Project Galileo, download our Impact Report.

Shields up: free Cloudflare services to improve your cyber readiness

Post Syndicated from James Allworth original https://blog.cloudflare.com/shields-up-free-cloudflare-services-to-improve-your-cyber-readiness/

Shields up: free Cloudflare services to improve your cyber readiness

Since our founding, Cloudflare’s mission has been to “help build a better Internet,” and we take it to heart. It used to be that the services required to adequately secure an online presence were only available to the largest of enterprises — organizations big enough to afford both the technology itself and the teams to manage it.

We’ve worked hard over the years to level the playing field. This has meant making more and more of the essential tools for protecting an online presence available to as many people as possible. Cloudflare offers unmetered DDoS protection — for free. We were the first to introduce SSL at scale — for free. And it’s not just protection for your external-facing infrastructure: we have a free Zero Trust plan that enables teams to protect their internal-facing infrastructure, too.

These types of tools have always been important for the billions of people on the Internet. But perhaps never as important as they’ve become this week.

Concurrent with the Russian invasion of Ukraine, we’ve seen increasing cyberattacks on the Internet, too. Governments around the world are encouraging organizations to go “shields up” — with warnings coming from the United States’ Cybersecurity & Infrastructure Security Agency, the United Kingdom’s National Cyber Security Center, and Japan’s Ministry of Economy, Trade, and Industry, amongst others.

Not surprisingly, we’ve been fielding many questions from our customers about what they should be doing to increase their cyber resilience. But helping to build a better Internet is broader than just helping our customers. We want everyone to be safe and secure online.

So: what should you do?

Whether you’re a seasoned IT professional or a novice website operator, these free Cloudflare resources are available for you today. Beyond these free resources, there are a few simple steps that you can take to help stay protected online.

Free Cloudflare resources to help keep you and your organization safe

These Cloudflare services are available to everyone on the Internet. If you’re a qualified vulnerable public interest group, or an election entity, we have additional free services available to you.

Let’s start with the services that are freely available to everyone.

For your public-facing infrastructure, such as a website, app, or API:

Protect your public-facing infrastructure using the Cloudflare Network

This provides the basics you need to protect public-facing infrastructure: unmetered DDoS mitigation, free SSL, protection from vulnerabilities including Log4J. Furthermore, it includes built-in global CDN and DNS.

For your internal-facing infrastructure, such as cloud apps, self-hosted apps, and devices:

Protect your team with Cloudflare Zero Trust

These essential security controls keep employees and apps protected online by ensuring secure access to the Internet, self-hosted applications and SaaS applications. Free for up to 50 users.

For your personal devices, such as phones, computers, and routers:

Protect your devices with

Otherwise known as Cloudflare for Families. This is the same as Cloudflare’s privacy-protecting, superfast DNS resolver. However, has one big added benefit over if you click on a link that’s about to take you to malware, we step in on your behalf, preventing you from ending up on the malicious site. It’s super simple to set up:  you can follow the instructions here, then click the “Protect your home against malware” button; or simply update your DNS settings to use the following:

And while we’ve called it Cloudflare for Families, we should note: it works equally well for businesses, too.

All the services listed above are available now. They can scale to the most demanding applications and withstand the most determined attacks. And they are made freely available to everyone on the Internet.

Cloudflare provides an additional level of free services to special types of organizations.

Project Galileo: for vulnerable public interest groups

Founded in 2014, Project Galileo is Cloudflare’s response to cyberattacks launched against important yet vulnerable targets like artistic groups, humanitarian organizations, and the voices of political dissent. Perhaps now more than ever, protecting these organizations is crucial to delivering the promise of the Internet. Importantly, it’s not us deciding who qualifies: we work with a range of partner organizations such as the Freedom of the Press Foundation, the Electronic Frontier Foundation, and the Center for Democracy and Technology to help identify qualified organizations.

Over the past week we’ve seen an influx of applications to Project Galileo from civil society and community organizations in Ukraine and the region who are increasingly organizing to provide support and essential information to the people of Ukraine. To the vulnerable organizations that qualify, we offer a range of further Cloudflare services that we usually reserve for our largest enterprise customers. You can visit here to find out more about Project Galileo, or if you think your organization might qualify, we encourage you to apply here.

The Athenian Project: for election entities

As with public interest groups, there are many malicious actors today who try to interfere with free and democratic elections. One very simple way that they can do this is through cyberattacks. Just like every other Internet property, election websites need to be fast, they need to be reliable, and they need to be secure. Yet, scarce budgets often prevent governments from getting the resources needed to prevent attacks and keep these sites online.

Just like with Project Galileo, for election entities that qualify, we offer a range of further Cloudflare services to help keep them safe, fast, and online. We have more information about the Athenian Project here, and if you’re working at an election entity, you can apply at the bottom of that same page.

We’re all dependent on the Internet more than ever. But as that dependency grows, so too does our vulnerability to attack. Cloudflare provides these no cost services in the spirit of helping to build a better Internet. Please take advantage of them, and spread the word to other people and organizations who could benefit from them too.

Basic online security hygiene

Beyond Cloudflare’s free services, there are a range of basic steps that you can take to help protect your online presence. We’re imagining that almost everyone will have heard of these steps before. For those of you who have heard it but have been putting it off, now is the time. Taking these simple steps today can save you a world of cyber heartache tomorrow.

Don’t re-use passwords across accounts. It’s unfortunate, but websites and applications are compromised every day. Sometimes, a compromise will result in a hacker gaining access to all the usernames and passwords on that website or app. One of the first things a hacker will then do is try all those username and password combinations on other popular websites. If you had an account on a compromised website, and your password there is the same as the one you use for (say) your online banking account, well… they’re now in your bank account. Compounding this, compromised credentials are frequently bought and sold in illegal online marketplaces. You can check if your credentials have been compromised on this site. It’s extremely important to ensure that you don’t use the same credentials on multiple sites or apps.

Use multi-factor authentication on your accounts. This adds a second layer of identification beyond just your password. It often takes the form of a confirmation code in a text message or email, or better yet, a randomly generated code from an authentication app, or, best of all, a hardware key that you insert into your computer or wave at your phone. This helps ensure that the person logging into your account is actually you. Internally at Cloudflare, we use hardware keys exclusively because of their high security.

Use a password manager. If you want to compress the two above steps down into one, find and begin using a password manager. A password manager helps you manage passwords across multiple accounts; it automatically creates a random and unique password for each login you have. It can also manage randomly generated multi-factor authentication for you. If you’re in the Apple ecosystem, Apple has one built into iOS and macOS that will sync across your devices. 1Password and LastPass are also very popular examples. We require the use of a password manager at Cloudflare, and recommend their use to everyone.

Keep your software up to date. This applies for all your software — both operating systems and applications, on computers and on your phone. Flaws and potential security holes are being discovered all the time. While vendors are increasingly quick to react, and software can be patched over the Internet in a matter of minutes — this only works if you click the “Install Update Now” button. Or better yet, you can set updates to be automatic, and this can help to guarantee that your systems stay current.

Be extra cautious before clicking on links in emails. According to the CISA, more than 90% of successful cyber-attacks start with a phishing email.  This is when a link or webpage looks legitimate, but it’s actually designed to have you reveal your passwords or other sensitive information. You can double-check the URL of any links you click on. Or better yet, type the URL in yourself, or search for the site you’re looking for from your search engine. Finally, (see above in this post) can help protect you in the event that you do click on one of these phishing links.

Be extra cautious giving credentials to people who have called you. Phishing doesn’t just happen via email. It can happen over the phone, too. It might be a call from someone claiming to work at your bank, telling you there’s strange activity on your account. Or someone claiming to be an IT administrator at your company, asking why you’ve been looking at strange websites. After putting you on the back foot, they’ll ask for something so they “can help you” — possibly a password or a text confirmation code. Don’t give it to them. If you’re at all unsure of anyone who just called you, there’s a simple solution: ask them for their name, their department, and their organization, and then hang up. You can then call them back through a phone number that their organization advertises on their homepage.

Have an offline, or at least a cloud-based, backup of critical or irreplaceable data. Even if you follow every last piece of advice above, there is still the risk that something bad happens. A backup of your critical data — ideally offline, but even one up in the cloud — is your last line of defense. Beyond security resilience, backups also improve your general resilience. Lost devices, natural disasters, and accidents happen. Backups mitigate the impact.

These are simple and immediate actions you can take to help keep your online presence secure.

From everyone at Cloudflare: we hope that you and your loved ones are safe during these unpredictable times.

Protecting Holocaust educational websites

Post Syndicated from Omer Yoachimik original https://blog.cloudflare.com/protecting-holocaust-educational-websites/

Protecting Holocaust educational websites

Protecting Holocaust educational websites

Today is the International Holocaust Remembrance Day. On this day, we commemorate the victims that were murdered by the Nazis and their accomplices.

During the Holocaust, and in the events that led to it, the Nazis exterminated one third of the European Jewish population. Six million Jews, along with countless other members of minority and disability groups, were murdered because the Nazis believed they were inferior.

Cloudflare’s Project Galileo provides free protection to at-risk groups across the world including Holocaust educational and remembrance websites. During the past year alone, Cloudflare mitigated over a quarter of a million cyber threats launched against Holocaust-related websites.

Antisemitism and the Final Solution

In the Second World War and the years leading up to it, antisemitism served as the foundation of racist laws and fueled violent Pogroms against Jews. The tipping point was a night of violence known as the Kristallnacht (“Night of Broken Glass”). Jews and other minority groups were outlawed, dehumanized, persecuted and killed. Jewish businesses were boycotted, Jewish books burned and synagogues destroyed. Jews, Roma and other “enemies of the Reich” were forced into closed ghettos and concentration camps. Finally, as part of the Final Solution for the Jewish Question, Germany outlined a policy to deliberately and systematically exterminate the Jewish race in what came to be known as the Holocaust.

As part of the Final Solution, the Nazis deployed mobile killing units. Jews were taken to forests near their villages, forced to dig mass graves, undress, and then shot — falling into the mass graves they dug. This was the first step. However, this was “inefficient”. More “efficient” solutions were engineered using deadly gas. Eventually, six main extermination camps were established. They were extremely “efficient” at exterminating humans. Initially, the Nazis experimented with gas vans for mass extermination. Later, they built and operated gas chambers which could kill more humans and do it faster. After being gassed, prisoners would load the bodies into ovens in crematoriums to be burned. In one of the larger death camps, Auschwitz-Birkenau, more than one million Jews were murdered — some 865,000 were gassed and burned on arrival.

Fighting racism with education

Seventy-seven years later, sadly, racism and antisemitism are once again on the rise and have gained traction across Europe during the pandemic and across UK university campuses. Earlier this week, United Nations Secretary-General António Guterres decried the resurgence of antisemitism and said that “…the rise in antisemitism — the oldest form of hate and prejudice — has seen new reports of physical attacks, verbal abuse, the desecration of Jewish cemeteries, synagogues vandalized, and last week the hostage-taking of the rabbi and members of Beth Israel Congregation in Colleyville, Texas.

It is through education that we will defeat bigotry and racism, and we will do our part at Cloudflare — through education and by supporting Holocaust educational organizations.

“Our response to ignorance must be education”
– United Nations Secretary-General António Guterres

Supporting Holocaust educational organizations with Project Galileo

As part of Project Galileo, we currently provide free security and performance products to more than 1,500 organizations in 111 countries. These organizations are targeted by cyber attacks due to their critical work. These groups include human rights defenders, independent media and journalists, and organizations that work in strengthening democracy. Among them are organizations dedicated to educating about the horrors of the Holocaust, and preserving and telling the stories of the victims and survivors of the Holocaust to younger and future generations.

Protecting Holocaust educational websites

Over the past year, we’ve seen cyber attacks on Holocaust-related websites gradually increase throughout the year. These attacks include mostly application-layer attacks that were automatically detected and mitigated by Cloudflare’s Web Application Firewall and DDoS Protection systems.

In May 2021, cyber attacks on Holocaust-related websites peaked as they increased by 263% compared to their monthly average.

Protecting Holocaust educational websites

Applying to Project Galileo

Cloudflare’s mission is to help build a better Internet. Part of this mission includes protecting free expression online for vulnerable groups.

The Internet can be a powerful tool in this matter. However, organizations often face attacks from powerful and entrenched opponents, yet operate on limited budgets and lack the resources to secure themselves against malicious traffic intended to silence them. If they are silenced, the Internet stops fulfilling its promise.

To combat the threats, Cloudflare’s Project Galileo provides robust security and performance products for at-risk public interest websites at no cost. Application to Project Galileo is open to any vulnerable public interest website. You can apply via our partners or apply directly to Project Galileo if you don’t have any affiliation with our trusted partners.

A note from Cloudflare’s Jewish employees

Many of us, like myself, are descendants of Holocaust survivors. My grandparents fled from Nazi-occupied Poland to survive. Sadly, my grandparents — as other elderly survivors, are no longer with us. Many of us have faced antisemitism in various forms. Together, we are part of Cloudflare’s Employee Resource Group for Cloudflare’s Jewish community: Judeoflare. We have a responsibility to make sure the world remembers and never forgets the atrocities of the Holocaust and what racism and antisemitism can lead to.

Protecting Holocaust educational websites

Project Galileo and The Global Cyber Alliance Cybersecurity Toolkit for Journalists

Post Syndicated from Jocelyn Woolbright original https://blog.cloudflare.com/project-galileo-and-the-global-cyber-alliance-cybersecurity-toolkit-for-journalists/

Project Galileo and The Global Cyber Alliance Cybersecurity Toolkit for Journalists

Project Galileo and The Global Cyber Alliance Cybersecurity Toolkit for Journalists

Cloudflare started Project Galileo in 2014 to provide a set of free security products to a range of groups on the Internet that are targeted by cyberattacks due to their critical work. These groups include human rights defenders, independent media and journalists, and organizations that work in strengthening democracy. Seven year later, Project Galileo currently protects more than 1,500 organizations in 111 countries.

A majority of the organizations protected under Project Galileo work in independent media and journalism, and are targeted both physically and online as a result of reporting critical events around the world. From July 2020 to March 2021, there were more than seven billion cyberattacks against Project Galileo journalism and media sites, equating to over 30 million attacks per day against this group. We reported many of these findings for the 7th anniversary of Project Galileo’s Radar Dashboard.

Global Cyber Alliance

Project Galileo and The Global Cyber Alliance Cybersecurity Toolkit for Journalists

We have reported on the cyber threats to independent journalists and media organizations in the past, with the goal of creating best practices on how to protect these groups online. As we shared these insights, we started to collaborate with organizations that provide support and resources to improve journalists’ cybersecurity capabilities and respond to threats. One of these organizations that we were excited to engage with was the Global Cyber Alliance.

The Global Cyber Alliance (GCA​) is an international, cross-sector nonprofit dedicated to confronting systemic cyber risks and improving our connected world. GCA develops free, easy and accessible tools to a range of stakeholders on the Internet including small businesses, journalists and, election officials around the world. Each toolkit is curated with tools and guidance on managing passwords, encrypting your data, backing up data, secure email, and browsing, anti-virus, DNS Security and more.

“As journalism increasingly, if not exclusively, relies on connected resources to investigate and report news, these capabilities offer tremendous benefit, particularly as newsrooms face budget constraints. At the same time, connected resources if not secured properly can unknowingly risk journalists, their sources, and the developments they cover,” said Megan Stifel, Global Policy Officer and Capacity & Resilience Program Director at the Global Cyber Alliance. “Resources such as Project Galileo play an important role in helping journalists protect themselves and their work, enabling them to report the news on their terms. GCA is pleased to add this resource to our free Cybersecurity Toolkit for Journalists, which is one of three toolkits available through our Capacity & Resilience Program.”

Project Galileo and the GCA Cybersecurity Toolkit for Journalists

Cloudflare is thrilled to have Project Galileo included in the GCA Cybersecurity Toolkit for Journalists to provide the tools and resources for journalists in order to be safer online. The free tools in the toolkit include:

  • DNS Security with WARP: Cloudflare VPN (WARP) on devices, or their router, to Cloudflare’s DNS Resolver ( With it automatically blocks known malware before your browser has a chance to load it.
  • End-to-End Encryption with Cloudflare SSL: Trust is essential for journalists and their public facing websites as they are a source of truth to their audience. With Cloudflare SSL, they can ensure that information is private and secure for visitors who engage with these websites. SSL also stops certain kinds of cyberattacks as it authenticates web servers, which is important because attackers will often try to set up fake websites to trick users and steal data.
  • Cloudflare for Teams products Access & Gateway: To assist media organizations, Cloudflare for Team’s products Access & Gateway makes remote works safer for teams around the world with protecting internal applications and DNS filtering to ensure that journalists keep their sensitive information secure and do not fall victim to a cyberattack. Read more on how a local news outlet in New Jersey uses Gateway to filter and block malicious attacks and phishing attempts.

We are excited to be working with the Global Cyber Alliance and look forward to further collaboration on guidance, tools, and resources to improve security for individuals and organizations.

Celebrating 7 Years of Project Galileo

Post Syndicated from Jocelyn Woolbright original https://blog.cloudflare.com/celebrating-7-years-of-project-galileo/

Celebrating 7 Years of Project Galileo

Celebrating 7 Years of Project Galileo

Every June, we celebrate the anniversary of Project Galileo. This year, we are proud to celebrate seven years of protecting the most vulnerable groups on the Internet from cyber attacks. June is a busy month for us at Cloudflare, with the anniversary of Project Galileo and Access Now’s RightsCon, one of the largest events on human rights in the digital age. As we collaborate with civil society on topics from technology, privacy, digital security and public policy, we learn how to better protect critical voices on the Internet but also how to use the Cloudflare network to make positive changes to the Internet ecosystem.

We started Project Galileo in 2014 with the idea that we need to protect voices that are targeted for working in sensitive areas. As such, we give these voices the resources to protect themselves online against powerful opponents. Whether their opponent’s aim is to intimidate, silence, or steal sensitive information, cyber attacks can cause significant damage to organizations that work in areas such as human rights, independent media, education, and social justice. As the world moves online — a factor accelerated by COVID-19 — access to powerful cybersecurity tools is critical for organizations around the world. Our goal at Cloudflare is to help build a better Internet. Part of that goal is helping those who are disproportionately targeted by cyber attacks due to their critical work. We do this by providing the tools they need to stay online to continue their mission in serving the public good.

For the 7th anniversary of Project Galileo, we want to provide a glimpse of what we work on every day when it comes to protecting vulnerable groups on the Internet. Below are some of these stories with information on threats against these groups, highlights from the past year as well as new tools organizations utilize to protect against cyber threats.

Highlights from the past year

  • In the past year, we have seen a 50% increase in organizations that receive protection under Project Galileo. There are now more than 1,500 in 111 countries.
  • We partner with 40 civil society organizations that review and approve websites for protection under Project Galileo.
  • There are 5x as many cyberattacks against all Project Galileo sites compared to our update last year, with 13 billion attacks between August 2020 and March 2021. This is an average of 53 million cyber attacks per day in the past eight months.
  • Project Galileo was recognized as a Spotlight Recipient by The Tech Spotlight at Harvard Kennedy School’s Belfer Center for its commitment to serve the public good in areas of digital technologies.
Celebrating 7 Years of Project Galileo

Project Galileo Radar dashboard

In September 2020, we launched Radar, a platform that provides insight into Internet trends to help anyone understand security, performance and usage of the Internet. For Project Galileo, we wanted to identify the types of attacks these groups face to better equip researchers, civil society and organizations that are targeted with best practices for safeguarding their website and internal data.

In the last year, as many organizations moved to online operations, this opened the floodgates to malicious cyber activity. To learn more about the cyber attacks those protected under the project suffer, visit our Project Galileo 7th Anniversary Radar Dashboard.

Celebrating 7 Years of Project Galileo

Project Galileo and Harvard Tech Spotlight

This year, we were thrilled for Project Galileo to be recognized as a Spotlight Recipient by The Tech Spotlight at Harvard Kennedy School’s Belfer Center. The Tech Spotlight recognizes projects and initiatives that demonstrate a commitment to public purpose in the areas of digital technologies. Nominations are evaluated based on their proven ability to reduce societal harms and protect public purpose values including privacy, safety and security, transparency and accountability, and inclusion. In the past year, we have seen how people interact and utilize the Internet, the increase in malicious cyber attacks as well as sophisticated attacks against social justice groups, and an increase in application to the project from COVID-19 relief efforts. This has shown us new ways in which Project Galileo can help during times of crisis for a wide range of groups on the Internet.

Protecting internal applications for community-building nonprofits with Cloudflare Access

In the past year, we learned how organizations had to quickly implement a work-from-home solution and many of the risks associated with this shift to remote working. Due to the increased need for secure remote access while also maintaining a strong security posture, we started offering Cloudflare Access under Project Galileo. At a high level, Access gives organizations the ability to secure internal applications — such as internal knowledge resources of help desk platforms. In the case of Project Galileo, when volunteers connect to these applications they must authenticate with their identity provider — such as Google or Okta. Then Cloudflare checks their login against rules the IT administrator has deployed and, if permitted, allow them to access the application. This provides a secure remote work environment by not allowing unauthorized access to sensitive internal applications.

Learn more about how Project Galileo participants, World University Service Canada and Unbound use Access to secure their remote workforce.

World University Service of Canada, Canada

Celebrating 7 Years of Project Galileo

World University Service of Canada is a Canadian non-profit organization that works in international development with a diverse network of students, volunteers, schools, governments, and businesses. “Through this program, we work with the Canadian post-secondary community to provide access to resettlement and higher education for young refugees. Since 1978, our network has resettled more than 2,000 refugee youth to Canada where they are able to build a better future for themselves and their families,” says Ken Fraser, the Deputy Director of IT and Digital Transformation at the organization. Ken wears many hats at WUSC with a team of five providing IT services and support for staff around the world.

“A big challenge we had previously was that our security tools only protected internally hosted applications. For any sites we hosted with an external provider there were no monitoring or security tools available, aside from whatever the service provided,” says Ken. “This has all changed now with Cloudflare. Any site that we proxy through the Cloudflare network has the same reporting, performance and security features such as the web application firewall available whether internally or externally hosted.”

For internal applications, WUSC uses Cloudflare Access to keep their team in Canada and abroad secure when accessing the organization’s internal applications. Ken explains, “Cloudflare Access has been an integral part of securing our sites, and even more so now that we’re all working from home. For example, all of our sites using WordPress are protected with a Cloudflare Access policy in order to prevent anyone on the Internet from getting to the login page, and only specific email addresses added to the policy can get through. It was very simple to set up within Cloudflare and had an immediate benefit to the security posture of our sites.” With Access, Ken and the team can monitor and enforce rules to ensure that unauthorized attempts to access their WordPress login pages stop at Cloudflare’s network first.

You can read the World University Service of Canada’s case on the Project Galileo website.

Unbound, United States

Celebrating 7 Years of Project Galileo

Unbound is an international nonprofit based in Kansas City, with an ambitious goal of bringing people together to challenge poverty in new and innovative ways in 19 countries around the world. The organization differs from the typical child sponsorship charity, as they sponsor a range of people from children to elders — they are actually one of the few organizations that offers sponsorships to the elderly. “At Unbound, our mission is to walk with the poor and marginalized of the world, and we do that by providing personal attention and direct benefits to children, youth, elders and their families, so they may live with dignity, achieve their inherent potential and participate fully in society,” explains John Dougherty, the Director of Technology Services for Unbound.

The organization applied for Project Galileo as a way to increase their security posture and secure their public-facing website, as well as some custom-built web-facing applications used by staff spread across the 19 countries the organization operates in. We first used Cloudflare Access to protect the admin side of the website for many of our staff members”, says Dougherty. In March 2020, due to the spread of COVID-19, Dougherty and the IT team had one week to implement a secure work-from-home solution for their staff. “We needed a way for our staff to access the organization’s internal ticketing system, help desk, and knowledge base in a simple and reliable manner. Now, more than 150 users can easily access the services they need to continue to provide support to those in need.”

With Project Galileo, the organization has the ability to focus on their mission of helping others while not having to worry about data breaches or being taken offline. Dougherty explains, Project Galileo has given us the ability to leverage technology to help us operate in a lean and efficient way. Anytime Unbound receives these types of services to secure our website and not have to worry as much about being taken offline due to a cyber attack or have sensitive information compromised, we can spend more time and money on providing direct support to families living in extreme poverty.”

You can read the Unbound case on the Project Galileo website.

Protecting journalists & LGBTQ+ organizations from malware and phishing attacks with Cloudflare Gateway

Beyond organizations using Cloudflare Access to protect access to their internal applications, we also had organizations reaching out and asking about the best way to protect their internal data due to a surge in malware and cyber attacks. We started to offer Cloudflare Gateway under Project Galileo as organizations shifted from office settings to home offices. Gateway uses DNS filtering to block malicious content, ransomware, and phishing before your browser has a chance to load it. It acts as a filter, and automatically blocks unsafe content from web traffic to stop cyber threats and data breaches. As many of these attacks are sophisticated and personalized to organizations, these attacks target human rights groups, journalists and civil society around the world every day. Gateway is a tool that can easily block these threats so workers do not accidentally click malicious links.

Learn about how a local journalism group in New Jersey and LGBT+ helpline in the UK uses Gateway to protect against these threats.

New Brunswick Today, United States

Celebrating 7 Years of Project Galileo

New Brunswick Today has been serving the city of New Brunswick, NJ (home to Rutgers University) since 2011. The paper covers community matters, corruption, culture, real estate development and more. Recently, the paper has been focused on the spike in gun violence since the COVID-19 pandemic. Justin Freid, head of digital strategy at New Brunswick Today, turned to Cloudflare to help mitigate repeated attacks on the site that started in late 2015. He is familiar with journalists being threatened and harassed due to the sensitive nature of their work. “Our journalists have been targeted with physical and online threats, so we have to be diligent and aware of the security tools and precautions we use,” says Freid.

New Brunswick Today appeared on an episode of Full Frontal with Samantha Bee focused on saving local news, highlighting the importance of local journalism and its role in the community after one of NBT’s stories caught nationwide attention for its coverage of public corruption at the city water utility.

During COVID-19, the organization started to use Cloudflare Gateway to filter and block malicious attacks and phishing attempts. They route their traffic through Gateway, with policies maintained and enforced via Cloudflare’s dashboard specifically for their editors’ devices. We use Gateway on our editors so that we can browse more confidently. As a local newspaper, we receive source material and are worried it may contain malware looking to thwart our systems and possibly steal sensitive information about pieces that are being written by the paper,” says Fried. “The idea that Cloudflare is able to filter malware before it reaches our device, increases confidence for our journalists that they need when they write, investigate and publish stories to keep citizens of New Brunswick informed on local issues.”

You can read the New Brunswick Today case on the Project Galileo website.

Switchboard LGBT+ Helpline, United Kingdom

Celebrating 7 Years of Project Galileo

Switchboard is one of the oldest telephone helplines in the United Kingdom founded back in 1974 to provide support and information to people of all kinds but especially those who identify as LGBT+. Fast-forward to 2021 and the organization is in high gear, with an average of 1,500 unique service users a month connecting with volunteers who are available seven days a week.

“Our goal at Switchboard is to provide a safe judgement free-space for those who need support. We have people that call in to talk about things such as seeking help in navigating their gender identity, looking for resources on mental health in the UK, or to discuss issues in their community when it comes to LGBT+ rights,” explains Pete Hannam. Switchboard is a volunteer-led charity so Hannam holds many responsibilities from answering phone calls and providing support to callers, to developing and securing the organization’s online platform.

Switchboard started as a phone helpline but with the growth of emerging technologies and new forms of communications over the years, they adapted by adding new channels such as email and real-time chat. Technology also helped the organization respond to COVID-19 quickly, and they transitioned their platform to be fully online quickly to handle the many calls, emails and chats that volunteers at Switchboard received related to the uncertainty of the pandemic on careers and social disengagement with people around the world. Hannam estimates the organization saw an increase in communication via email and chat grow from 30% to 55%.

Switchboard joined Project Galileo in May 2019 primarily to have more visibility into HTTP traffic including threats that targeted their site. “We had very basic web services with no idea what type of traffic or access people may have had to our backend systems. Unfortunately, our site was hacked because of a vulnerability in a WordPress plugin. We had no visibility into our traffic or threats before Cloudflare and due to this didn’t realise that our site had been compromised,” explains Hannam. “As an organization that provides a platform for those sharing sensitive information about things such as gender identity or abuse they suffered, trust is essential for us and presenting an insecure platform is a huge breach of respect and professionalism.” The organization was accepted to Project Galileo and immediately enabled Cloudflare SSL certificates to encrypt, authenticate and provide a sense of trust to users that use the organization’s support services. From there, they used the web application firewall to automatically block hackers’ attempts to exploit vulnerabilities in their website’s PHP code.

In the past year, Switchboard implemented Cloudflare Gateway. As the organization looks toward the future, which includes returning to the office in some form, they were looking for a solution to automatically block viruses and phishing attempts that spread over the Internet through malicious web pages. Gateway helps as a first layer of defence against most security threats and prevents the organization’s network and devices from getting infected by malicious software that their volunteers may accidentally download. Hannam explains, “We have the exact same issues as large companies, possibly even more targeted due to the sensitivity of our work, with significantly fewer resources. So it is important for organizations such as ours to have the opportunity to use advanced security tools, and Cloudflare’s Project Galileo allows us access to these tools to keep our site reliable, secure and trustworthy.”

You can read the Switchboard UK case on the Project Galileo website.

To the future…

As world events shape the ways in which organizations maintain their online platforms and workforce, Project Galileo has adapted to these situations. We look forward to continuously working with our civil society partners on the best way to support organizations and provide products that help them stay online, secure their internal teams, and focus on their mission of helping the greater good.