A new joint guide outlining how internet service providers and network defenders can curb cybercrime enabled by bulletproof hosting (BPH) infrastructure has been released by the US Cybersecurity and Infrastructure Security Agency (CISA) and its US and international partners.
The publication details how this infrastructure is used to support ransomware, phishing, malware delivery and other attacks targeting critical sectors.
CISA said the guide arrives as cybercriminals increasingly rely on bulletproof hosting services that ignore legal takedown requests and complaints.
These providers lease or resell infrastructure to malicious actors, allowing them to obfuscate operations, cycle through IP addresses and host illicit content while avoiding detection. Fast flux techniques, command and control activity, and data extortion schemes frequently run through these networks.
The authoring agencies recommended a series of defensive steps designed to reduce the effectiveness of BPH infrastructure. These measures focus on identifying malicious internet resources, improving traffic visibility and applying targeted filters that limit collateral impact on legitimate systems.
Read more about sanctions against bulletproof hosters: UK, US and Australia Sanction Russian Bulletproof Hoster Media Land
“Bulletproof hosting is one of the core enablers of modern cybercrime,” explained acting CISA director, Madhu Gottumukkala.
“By shining a light on these illicit infrastructures and giving defenders concrete actions, we are making it harder for criminals to hide and easier for our partners to protect the systems Americans rely on every day.”
Key recommendations include:
-
Curating a “high confidence” list of malicious internet resources
-
Conducting continuous traffic analysis
-
Implementing automated reviews of blocklists
-
Sharing threat intelligence across public and private channels
-
Deploying filters at the network edge
-
Establishing feedback processes to reduce accidental blocking
“Cybercriminals persist in their efforts to disrupt networks and systems while remaining undetectable and difficult to trace,” commented Nick Andersen, executive assistant director for CISA’s Cybersecurity Division.
“BPH providers are increasingly becoming common accomplices, posing an imminent and significant risk.”
ISPs are encouraged to notify customers about potential threats, offer optional filtering tools and establish sector-wide standards for BPH abuse prevention.
The guide notes that applying these measures could force cybercriminals to turn to legitimate infrastructure providers that respond to law enforcement and abuse reports.
