CISA Unveils Guide to Combat Bulletproof Hosting Cybercrime


WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with US and international partners, released Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers. This guide offers internet service providers (ISPs) and network defenders an in-depth overview of this cybercriminal activity along with key steps, best practices and resources to safeguard their customers and their networks. Developed through the Joint Ransomware Task Force, a U.S. interagency body, this guide ensures a unified approach to combat the escalating threat of ransomware attacks.

Cybercriminal actors are increasingly leveraging Bulletproof Hosting (BPH) infrastructure to conduct cyber operations targeting critical infrastructure, financial institutions, and other high-value targets. BPH providers market their infrastructure as “bulletproof” to cybercriminals because they neither engage in good faith with legal processes nor with third-party or victim complaints of malicious activity enabled from such infrastructure. Cybercriminals use BPH infrastructure for obfuscation via fast flux techniques, command and control, malware delivery, phishing, and hosting illicit content in support of a variety of malicious cyber activities, such as ransomware, data extortion, and denial of service (DoS) attacks.

“Bulletproof hosting is one of the core enablers of modern cybercrime,” said Acting CISA Director Madhu Gottumukkala. “By shining a light on these illicit infrastructures and giving defenders concrete actions, we are making it harder for criminals to hide and easier for our partners to protect the systems Americans rely on every day.”

To mitigate the risks of this cybercriminal activity, network defenders and ISPs are advised to implement the recommendations in this guide. These include conducting traffic analysis, curating a list of “high confidence” malicious internet resources, and performing automated and regular reviews of this list. Additionally, to further diminish the effectiveness of BPH infrastructure, ISPs should take specific actions such as notifying customers about malicious internet resource lists and associated filters, creating filters that customers can apply, and establishing standards and norms for ISP accountability.

“Cybercriminals persist in their efforts to disrupt networks and systems while remaining undetectable and difficult to trace. BPH providers are increasingly becoming common accomplices, posing an imminent and significant risk to the resilience and safety of critical systems and services,” said Nick Andersen, Executive Assistant Director for the Cybersecurity Division, CISA. “CISA’s global collaboration with governments, law enforcement, and the private sector is making it harder for cybercriminals to remain anonymous online. Our joint BulletProof Defense guide provides actionable information. We encourage ISPs and organizations to review and implement recommended actions to reduce the effectiveness of BPH infrastructure and risk to this threat.”

When implemented, the recommended actions in this joint guide are designed to reduce the effectiveness of BPH infrastructure and potentially compel cybercriminals to resort to legitimate infrastructure providers who are responsive to cyber threat abuse complaints and law enforcement takedown requests.

Visit StopRansomware.gov to learn more about other ransomware threats and access no-cost tools and resources offered by CISA, FBI and other US government partners.

###

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, and Instagram.


