Hacks Against Ukraine’s Emergency Response Services Rise During Bombings

internet infrastructure company Cloudflare has offered the free web security service Project Galileo for nearly a decade, giving human rights and public interest organizations around the world access to defenses against DDoS attacks and other common online hacking techniques. More than 2,271 websites in 111 countries now use the service, including 81 Ukrainian organizations, the majority of which joined after the Russian invasion in February 2022. The main aim of Project Galileo is simply to utilize Cloudflare’s products and scale for organizations that might not otherwise have any web defenses at all. By examining the threats that different participants are facing, the company hopes to also raise awareness about what could be coming next.

In Ukraine, for example, Cloudflare found that emergency response services in numerous cities that are enrolled in Project Galileo—including those that perform search and rescue; offer medical care; and distribute supplies like food, water, and medicine—face spikes of malicious traffic concurrent with Russian bombings. Many of the other Ukrainian organizations that use Project Galileo are human rights groups or work in independent media and journalism. They often see increases in attacks around moments of international controversy, like when Russia assumed the presidency of the United Nations Security Council on April 1.

In a report released today, Cloudflare delved into data on attack trends across Project Galileo participants, including those in Ukraine, abortion and reproductive rights organizations, and LGBTQ+ groups. The company says that between July 1, 2022 and May 5, 2023, it mitigated 20 billion attacks against Project Galileo enrollees.

“We’re not specifically placing blame for the sources of the attacks,” says David Belson, Cloudflare’s head of data insight. “But we’re seeing things play out in new and unique ways. In Ukraine, if Russia is trying to attack them physically, and then an actor is trying to prevent them from getting access to the sites that provide emergency resources on the digital side, it’s a new facet in warfare.”

Since last summer, Project Galileo mitigated an average of 790,000 attacks per day against LGBTQ+ organizations and an average of 1.52 million per day against reproductive rights groups, Cloudflare says. In addition to defending against DDoS attacks—firehoses of junk traffic meant to deluge a site and take it down—more and more of the defense Project Galileo provides comes from Cloudflare’s Web Application Firewall. The service helps defend sites against actual web application vulnerability exploitation, including hackers’ attempts to launch common attacks like injecting malicious scripts and manipulating databases.

“In those cases, it means that the attacks were less brute force—‘I’m going to try to knock this site down by throwing a load of garbage traffic at it’—and maybe a slightly more mature type of attack, probing to try to find a way in,” Belson says. “The intent then is not to take them down, but to do something arguably more malicious, like exfiltrate data.”

Defending small or under-resourced sites against DDoS attacks is still a key component of Project Galileo’s offering, though. And Cloudflare researchers emphasize that it’s important for sites to have some sort of protection in place, even if they’ve never been targeted before, because sites with low daily traffic, like those that provide resources to small or regional audiences, can so easily be overwhelmed by an unexpected DDoS attack.

“The goal is to provide some background for civil society groups to make them think about what they should be protecting against and show that these threats are real,” says Alissa Starzak, Cloudflare’s vice president and global head of public policy. “We often see attacks against websites if there are things happening in the physical world—controversy about a subject, focus on a particular topic. The organizations that are targeted are the ones that are navigating that.”

Comments are closed.