After businesses and commercial organisations, hackers seem to be targeting civil society organisations, such as LGBTQ+ support groups and emergency assistance organisations across the world.
The bulk of these attacks are aimed at making the websites of these organisations inaccessible by launching DDoS attacks.
Cybersecurity solutions company Cloudflare has said it helped LGTBTQ+ groups mitigate 7.90 lakh attacks a day in the last 10 months.
“Between July 1, 2022, and May 5, 2023, we mitigated 20 billion attacks against organisations protected under Project Galileo. This is an average of nearly 67.7 million cyber attacks per day during the 10-month period,” Jocelyn Woolbright of Cloudflare has said in a blog post.
“Attacks targeting civil society organizations are generally increasing. We have broken down an attack aimed at a prominent organisation, with the request volume climbing as high as 6.67 lakhs per second. Before and after this time the organisation saw little to no traffic,” she said.
What is a DDoS attack?
This indicates sustained attacks by hackers on these organisations. A Distributed Denial-of-Service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. These attacks are generally launched by hackers, using scores of computers that were already compromised. When an army of computers sends access requests to a website, it denies access to the genuine visitors.
The DDoS attacks cause enormous damage to organisations and inconvenience to users and citizens as they will not be able to access to the desired site when they need to access it.
Cloudflare saw similar spikes in traffic to organisations in Ukraine that provide emergency response and disaster relief coincide with bombings of the country over the 10-month period.
Zero Trust Roadmap
“We have created a new Zero Trust Roadmap for high-risk organisations to make the complex world of cyber security more accessible and understandable to a wider audience,” she said.
“We wanted to identify the types of attacks these groups face to better equip researchers, civil society, and organisations that are targeted with best practices for safeguarding their websites and internal data,” she pointed out.
A Zero Trust approach in cybersecurity parlance means – one should trust no one when it comes to giving access to a network or a device. You must know who is accessing a network. You must allow access according to the specific job role. The approach also wants an organisation to have a full visibility of its computer network to secure it well.