Cyber attacks on Ukrainian media outlets have shot up since Russia’s invasion of Ukraine. Figures from content delivery network and distributed denial of service (DDoS) mitigation company Cloudflare show a large spike in attacks on journalism and civil society organisations since the invasion began on 24 February.
Cloudflare began offering free cyber security protection to such organisations through its Project Galileo solution in 2014 after spotting an “unsettling trend” of cyber attacks against them.
Since the invasion, however, Cloudflare has seen an increase in applications to Project Galileo. “Many came in while [organisations were] under DDoS attack [where attackers overwhelm websites with traffic, blocking normal users from viewing them], but we also saw sites subject to large influxes of traffic from people on the ground in Ukraine attempting to access information on the ongoing war,” the company said.
“While traffic [to] organisations in Ukraine was largely flat before the start of the war, since that time, traffic increases primarily have been driven by organisations that work in journalism and media.”
The figures show large amounts of hostile traffic to these organisations being blocked by Cloudflare’s Web Application Firewall (WAF), which is a shield placed between a website and the internet. WAFs can protect against a range of attacks, including cross-site scripting (or XSS, which redirects users to non-legitimate websites to steal information from them) and structured query language (SQL) injection (which attacks vulnerabilities in databases).
As well as stopping some harmful traffic using the WAF, Cloudflare reported that they have also stopped a steady stream of DDoS attacks against journalism organisations. On 19 April, one DDoS attack represented 90 per cent of traffic to Ukrainian journalism organisations protected by Cloudflare’s Project Galileo.
Almost 80 per cent of all DDoS attacks targeting Ukraine were against broadcast, online media and publishing organisations.
The cyber war on the media isn’t just happening in one direction. Separate Cloudflare figures show that Russian media companies were the most targeted industry within the country from January to March 2022, making up more than 80 per cent of DDoS attacks.
Of those, direct attacks from Ukraine made up about 5 per cent. Some 22 per cent of attacks on Russian online media came from Germany, 21 per cent originated in the US, and 13 per cent came from Finland.
Attacks on both countries are distributed across many source countries. For example, most of the attack traffic against Ukraine originated from the US, Russia, Germany, China, the UK and Thailand, which Cloudflare suggested may indicate the use of global botnets.