UN Women Australia thwarts cyber attack with Cloudflare aid

UN Women Australia, a not-for-profit organisation dedicated to advocating for women's rights and well-being, faced a significant cyber threat recently. Working alongside Cloudflare, they managed to navigate and mitigate these challenges, spotlighting the growing cybersecurity needs of vulnerable organisations in 2024.

UN Women Australia, which funds its programs primarily through public and private donations and merchandise sales via digital channels, experienced a series of bot-driven banking identification number (BIN) attacks. These attacks aimed to exploit vulnerabilities in third-party payment services by attempting to guess valid credit card details, leading to numerous fraudulent transaction attempts. This not only disrupted operations but also posed a serious financial threat, with potential losses amounting to thousands of dollars in service fees.

With limited technical resources and budget, the organisation found itself in a precarious position. Initial steps to block the online assault involved closing donation and payment gateways and manually validating transactions. However, a more sustainable solution was required, leading UN Women Australia to seek assistance from Project Galileo, an initiative by Cloudflare aimed at supporting vulnerable public interest organisations.

Cloudflare promptly became the organisation's trusted cybersecurity advisor, conducting a thorough analysis of its technical infrastructure to pinpoint vulnerabilities. Based on Cloudflare's advice, UN Women Australia switched to a more secure payment gateway and integrated Turnstile, Cloudflare's smart CAPTCHA alternative, to enhance its security measures.

Steve Bray, Head of ANZ at Cloudflare, detailed the efforts undertaken to protect UN Women Australia from future attacks. Cloudflare's application security solutions now bolster the organisation's defences with measures such as Cloudflare DDoS Protection and Bot Management. These solutions utilise behavioural analysis, bot fingerprinting, and machine learning to automatically identify and mitigate threats, ensuring continuous protection against potential cyber-attacks.

The backbone of Cloudflare's security measures is its Web Application Firewall (WAF), which provides autonomous, layered defences. This allows UN Women Australia to create custom rules to thwart advanced attacks, significantly enhancing its online security framework. As a result, the organisation can now refocus on its core mission of empowering and protecting women without being overshadowed by cybersecurity concerns.

Leisa Quinn, Senior Manager of Individual Giving at UN Women Australia, highlighted the peace of mind brought by Cloudflare's involvement, stating, “One of the best things about Cloudflare is that I don't have to think about it. Cloudflare takes care of everything—since we started working together we feel less vulnerable about website security.”

Simone Clarke, Chief Executive Officer at UN Women Australia, echoed these sentiments, praising Cloudflare's timely and effective support. "Cloudflare and Project Galileo have been incredibly helpful at a time we needed it most, providing us with reliable, reputable, and actionable advice we simply did not have access to otherwise." Clarke added, "The impact of these attacks could have been far worse without Cloudflare and Project Galileo."