Today, Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the U.S. National Security Agency, U.S. Department of Defense Cyber Crime Center, U.S. Federal Bureau of Investigation, and international partners, released the guide Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to help Internet Service Providers (ISPs) and network defenders mitigate cybercriminal activity enabled by Bulletproof Hosting (BPH) providers.

A BPH provider is an internet infrastructure provider that knowingly leases infrastructure to cybercriminals. These providers enable malicious activities such as ransomware, phishing, malware delivery, and denial-of-service (DoS) attacks, posing an imminent and significant risk to the resilience and safety of critical systems and services. The guide provides recommendations to reduce the effectiveness of BPH infrastructure while minimizing disruptions to legitimate activity.

Key Recommendations for ISPs and Network Defenders:

• Curate malicious resource lists: Use threat intelligence feeds and sharing channels to build lists of malicious resources.
• Implement filters: Apply filters to block malicious traffic while avoiding disruptions to legitimate activity.
• Analyze traffic: Monitor network traffic to identify anomalies and supplement malicious resource lists.
• Use logging systems: Record Autonomous System Numbers (ASNs) and IP addresses, issue alerts for malicious activity, and keep logs updated.
• Share intelligence: Collaborate with public and private entities to strengthen cybersecurity defenses.

Additional Recommendations for ISPs:

• Notify customers: Inform customers about malicious resource lists and filters, with opt-out options.
• Provide filters: Offer premade filters for customers to apply in their networks.
• Set accountability standards: Work with other ISPs to create codes of conduct for BPH abuse prevention.
• Vet customers: Collect and verify customer information to prevent BPH providers from leasing ISP infrastructure.

CISA and its partners urge ISPs and network defenders to implement these recommendations to mitigate risks posed by BPH providers. By reducing the effectiveness of BPH infrastructure, defenders can force cybercriminals to rely on legitimate providers that comply with legal processes. For more information, visit the full guide.