Cybersecurity firm Cloudflare has issued a stark warning about the escalating threat landscape facing independent media organizations worldwide, revealing that journalists and news outlets have become the primary targets of sophisticated distributed denial-of-service (DDoS) attacks.
The company's latest Project Galileo 11th Anniversary report exposes a dramatic surge in cyberattacks against media organizations, with over 97 billion malicious requests blocked across 315 different news organizations between May 2024 and March 2025.
Project Galileo (Source – Cloudflare)
The attacks represent a concerning shift in the tactics used to silence independent journalism, particularly targeting investigative outlets operating in regions under government pressure, including Russia and Belarus.
Unlike traditional malware campaigns that rely on infiltrating systems through infected files or phishing emails, these DDoS attacks overwhelm news websites with massive volumes of traffic, rendering them inaccessible to legitimate readers and effectively silencing their reporting capabilities.
The scale of these attacks has reached unprecedented levels, with Cloudflare blocking an average of 325.2 million cyber threats per day, a staggering 241% increase from the previous year.
Cloudflare analysts identified the peak of this coordinated attack as occurring on September 28, 2024, when attackers launched their most intensive campaign against media organizations.
The researchers noted that these attacks primarily use Layer 7 application-level DDoS techniques, which account for 92.88% of all mitigated traffic against journalism organizations, compared to just 5.93% of attacks attempting to exploit traditional web application vulnerabilities through the Web Application Firewall.
The sophistication and coordination of these attacks became particularly evident in the case of the Belarusian Investigative Center, an independent nonprofit newsroom dedicated to exposing corruption and debunking disinformation from authoritarian regimes.
The organization applied for Project Galileo protection on September 27, 2024, while already under attack, and subsequently faced a massive DDoS attack that generated over 28 billion requests in a single day.
This attack demonstrated the attackers' ability to sustain prolonged campaigns, lasting 4 days with an average of 320,000 requests per second.
Advanced DDoS Attack Mechanisms and Evasion Techniques
The technical analysis of these attacks reveals a concerning evolution in DDoS methodology specifically tailored to target media organizations. Unlike conventional volumetric attacks that simply flood network infrastructure, these campaigns employ sophisticated Layer 7 HTTP flood techniques that mimic legitimate user behavior while overwhelming application resources.
The attackers use machine learning-resistant patterns that attempt to bypass Cloudflare's behavioral analysis systems by distributing requests across multiple source IP addresses and varying request timing to appear more organic.
The attack vectors primarily focus on HTTP anomalies, representing 41.71% of Web Application Firewall mitigations, where attackers deliberately send malformed requests with missing headers, unsupported request methods, or invalid character encoding.
This approach serves a dual purpose: it consumes server resources while simultaneously probing for application vulnerabilities that could be exploited in subsequent attacks.
The distributed nature of these attacks often involves coordinating requests from compromised devices across multiple geographic regions, making traditional IP-based blocking ineffective and requiring more sophisticated detection algorithms that analyze request patterns and behavioral signatures rather than source identity alone.
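The following Python example is added here and is not code from Cloudflare or its report: it labels the three HTTP anomalies named above (missing headers, unsupported request methods, invalid character encoding) and groups anomalous requests by a request-shape fingerprint instead of by source IP. The allowed-method set, the required-header baseline, the `min_ips` threshold and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import unquote_to_bytes
import re

ALLOWED_METHODS = {"GET", "HEAD", "POST"}            # assumed policy for a news site
REQUIRED_HEADERS = {"host", "user-agent", "accept"}  # assumed browser header baseline
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")      # '%' not followed by two hex digits

def anomalies(req):
    """Return the HTTP anomaly labels for one parsed request (a dict)."""
    found = []
    if req["method"] not in ALLOWED_METHODS:
        found.append("unsupported_method")
    if REQUIRED_HEADERS - {h.lower() for h in req["headers"]}:
        found.append("missing_headers")
    if BAD_ESCAPE.search(req["path"]):
        found.append("invalid_encoding")
    else:
        try:  # well-formed escapes must still decode to valid UTF-8
            unquote_to_bytes(req["path"]).decode("utf-8")
        except UnicodeDecodeError:
            found.append("invalid_encoding")
    return found

def fingerprint(req):
    """Signature of the request shape; the source IP is deliberately excluded."""
    return (req["method"], req["path"].split("?")[0],
            tuple(sorted(h.lower() for h in req["headers"])))

def flag_distributed(requests, min_ips=3):
    """Anomalous fingerprints seen from at least min_ips distinct sources."""
    sources = defaultdict(set)
    for r in requests:
        if anomalies(r):
            sources[fingerprint(r)].add(r["ip"])
    return {fp: len(s) for fp, s in sources.items() if len(s) >= min_ips}

# Constructed sample traffic (documentation IP ranges), not taken from the report.
SAMPLE = [
    {"ip": f"198.51.100.{i}", "method": "GET", "path": f"/search?q=%ZZ{i}",
     "headers": {"Host": "news.example"}} for i in range(1, 5)
] + [
    {"ip": "203.0.113.7", "method": "GET", "path": "/article/42", "headers":
     {"Host": "news.example", "User-Agent": "Mozilla/5.0", "Accept": "text/html"}},
    {"ip": "203.0.113.9", "method": "TRACE", "path": "/", "headers":
     {"Host": "news.example", "User-Agent": "x", "Accept": "*/*"}},
]

if __name__ == "__main__":
    print(flag_distributed(SAMPLE))
```

Blocking any single address in the sample would stop a quarter of the flagged requests, while the shared fingerprint covers all four sources.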