Support 100 years of independent journalism.

  1. Spotlight
  2. Cyber
18 July 2022updated 19 Jul 2022 11:12am

In the cyber war between Russia and Ukraine, media companies are under threat

Figures show a large spike in attacks on journalism and civil society organisations since the invasion.

By Michael Goodier

Cyber attacks on Ukrainian media outlets have shot up since Russia’s invasion of Ukraine. Figures from content delivery network and distributed denial of service (DDoS) mitigation company Cloudflare show a large spike in attacks on journalism and civil society organisations since the invasion began on 24 February.

Cloudflare began offering free cyber security protection to such organisations through its Project Galileo solution in 2014 after spotting an “unsettling trend” of cyber attacks against them. 

Since the invasion, however, Cloudflare has seen an increase in applications to Project Galileo. “Many came in while [organisations were] under DDoS attack [where attackers overwhelm websites with traffic, blocking normal users from viewing them], but we also saw sites subject to large influxes of traffic from people on the ground in Ukraine attempting to access information on the ongoing war,” the company said.

“While traffic [to] organisations in Ukraine was largely flat before the start of the war, since that time, traffic increases primarily have been driven by organisations that work in journalism and media.”

The figures show large amounts of hostile traffic to these organisations being blocked by Cloudflare’s Web Application Firewall (WAF), which is a shield placed between a website and the internet. WAFs can protect against a range of attacks, including cross-site scripting (or XSS, which redirects users to non-legitimate websites to steal information from them) and structured query language (SQL) injection (which attacks vulnerabilities in databases).

Sign up for The New Statesman’s newsletters Tick the boxes of the newsletters you would like to receive. Quick and essential guide to domestic and global politics from the New Statesman's politics team. A weekly newsletter helping you fit together the pieces of the global economic slowdown. The New Statesman’s global affairs newsletter, every Monday and Friday. The best of the New Statesman, delivered to your inbox every weekday morning. The New Statesman’s weekly environment email on the politics, business and culture of the climate and nature crises - in your inbox every Thursday. Our weekly culture newsletter – from books and art to pop culture and memes – sent every Friday. A weekly round-up of some of the best articles featured in the most recent issue of the New Statesman, sent each Saturday. A newsletter showcasing the finest writing from the ideas section and the NS archive, covering political ideas, philosophy, criticism and intellectual history - sent every Wednesday. Sign up to receive information regarding NS events, subscription offers & product updates.

As well as stopping some harmful traffic using the WAF, Cloudflare reported that they have also stopped a steady stream of DDoS attacks against journalism organisations. On 19 April, one DDoS attack represented 90 per cent of traffic to Ukrainian journalism organisations protected by Cloudflare’s Project Galileo.

Almost 80 per cent of all DDoS attacks targeting Ukraine were against broadcast, online media and publishing organisations.

Content from our partners
How to create a responsible form of “buy now, pay later”
“Unions are helping improve conditions for drivers like me”
Transport is the core of levelling up

The cyber war on the media isn’t just happening in one direction. Separate Cloudflare figures show that Russian media companies were the most targeted industry within the country from January to March 2022, making up more than 80 per cent of DDoS attacks. 

Of those, direct attacks from Ukraine made up about 5 per cent. Some 22 per cent of attacks on Russian online media came from Germany, 21 per cent originated in the US, and 13 per cent came from Finland.

Attacks on both countries are distributed across many source countries. For example, most of the attack traffic against Ukraine originated from the US, Russia, Germany, China, the UK and Thailand, which Cloudflare suggested may indicate the use of global botnets.

Topics in this article: , , ,