All CISA Advisories, EN

CISA Releases Guide to Mitigate Risks from Bulletproof Hosting Providers

Today, Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the U.S. National Security Agency, U.S. Department of Defense Cyber Crime Center, U.S. Federal Bureau of Investigation, and international partners, released the guide Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to help Internet Service Providers (ISPs) and network defenders mitigate cybercriminal activity enabled by Bulletproof Hosting (BPH) providers.

A BPH provider is an internet infrastructure provider that knowingly leases infrastructure to cybercriminals. These providers enable malicious activities such as ransomware, phishing, malware delivery, and denial-of-service (DoS) attacks, posing an imminent and significant risk to the resilience and safety of critical systems and services. The guide provides recommendations to reduce the effectiveness of BPH infrastructure while minimizing disruptions to legitimate activity.

Key Recommendations for ISPs and Network Defenders:

  • Curate malicious resource lists: Use threat intelligence feeds and sharing channels to build lists of malicious resources.
  • Implement filters: Apply filters to block malicious traffic while avoiding disruptions to legitimate activity.
  • Analyze traffic: Monitor network traffic to identify anomalies and supplement malicious resource lists.
  • Use logging systems: Record Autonomous System Numbers (ASNs) and IP addresses, issue alerts for malicious activity, and keep logs updated.
  • Share intelligence: Collaborate with public and private entities to strengthen cybersecurity defenses.

Additional Recommendations for ISPs: