Bulletproof Defense: Mitigating Risks From Bulletproof Hosting Providers
TLP:CLEAR
Introduction
This document was developed through the Joint Ransomware Task Force (JRTF), a U.S. interagency body established by Congress in the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) to ensure unity of effort in combating the growing threat of ransomware attacks.
This document provides internet service providers (ISPs) and network defenders recommendations to mitigate potential cybercriminal activity enabled by bulletproof hosting (BPH) providers. This document is authored by the Cybersecurity and Infrastructure Security Agency (CISA) and the following partners:1
- U.S. National Security Agency (NSA)
- U.S. Department of Defense Cyber Crime Center (DC3)
- U.S. Federal Bureau of Investigation (FBI)
- Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
- Canadian Centre for Cyber Security (Cyber Centre)
- Netherlands National Cyber Security Centre (NCSC-NL)
- New Zealand National Cyber Security Centre (NCSC-NZ)
- United Kingdom National Cyber Security Centre (NCSC-UK)
A BPH provider is an internet infrastructure provider that knowingly and intentionally markets and leases its infrastructure to cybercriminals. The authoring agencies have observed a marked increase in cybercriminal actors using BPH infrastructure to support cyber operations against critical infrastructure, financial institutions, and other high-value targets. BPH providers continue to pose a significant risk to the resilience and safety of critical systems and services.
Mitigating cybercriminal activity enabled by BPH providers requires a nuanced approach because BPH infrastructure is integrated into legitimate internet infrastructure systems, and actions from ISPs or network defenders may impact legitimate activity. The authoring agencies encourage ISPs and network defenders to apply the recommendations in this document, including curating a list of “high confidence” malicious internet resources and using the list to implement filters. By doing so, ISPs and network defenders can mitigate cybercriminal activity perpetuated by BPH infrastructure. This will help reduce the effectiveness of this infrastructure and potentially force cybercriminals to use legitimate infrastructure providers who are responsive to cyber threat abuse complaints and law enforcement takedown requests.
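The following is an added example (not code from the advisory or the authoring agencies) of the filtering approach recommended above: flow records are matched against a curated "high confidence" list of address ranges, with an allowlist so that legitimate resources sharing a listed range are not affected. All ranges, allowlist entries and log lines are constructed placeholders, not real indicators.

```python
# Added example: filter flow records against a curated "high confidence" list of
# malicious internet resources. Every range and log line here is constructed.
import ipaddress
from typing import Iterable

# Constructed list: each CIDR range carries the analyst's justification so the
# entry can be reviewed when the filter is tuned.
HIGH_CONFIDENCE_RANGES = {
    "203.0.113.0/24": "constructed: repeated abuse reports, provider unresponsive",
    "198.51.100.128/25": "constructed: abuse confirmed, no takedown response",
}

# Constructed allowlist: a legitimate host inside a listed range that must keep working.
ALLOWLIST = {"203.0.113.10"}

def build_filter(ranges: dict) -> list:
    """Parse the curated list once into network objects for membership checks."""
    return [(ipaddress.ip_network(cidr, strict=True), reason) for cidr, reason in ranges.items()]

def match_flows(flows: Iterable[str], networks: list, allowlist=ALLOWLIST) -> list:
    """Return flows whose destination is in a listed range and not allowlisted.
    Flow format (constructed): 'timestamp src_ip dst_ip dst_port'."""
    hits = []
    for line in flows:
        ts, src, dst, port = line.split()
        if dst in allowlist:
            continue  # legitimate resource sharing the range: do not filter it
        dst_ip = ipaddress.ip_address(dst)
        for net, reason in networks:
            if dst_ip in net:
                hits.append({"time": ts, "src": src, "dst": dst, "port": int(port),
                             "range": str(net), "reason": reason})
                break
    return hits

# Constructed sample flow records for a stand-alone run.
SAMPLE_FLOWS = [
    "2024-01-01T10:00:00Z 10.0.0.5 203.0.113.45 443",
    "2024-01-01T10:00:01Z 10.0.0.7 203.0.113.10 443",    # allowlisted, skipped
    "2024-01-01T10:00:02Z 10.0.0.9 198.51.100.200 8080",
    "2024-01-01T10:00:03Z 10.0.0.9 192.0.2.1 80",        # not listed, ignored
]

if __name__ == "__main__":
    for hit in match_flows(SAMPLE_FLOWS, build_filter(HIGH_CONFIDENCE_RANGES)):
        print(hit)
```

Matches should be reviewed before they drive blocking, since BPH ranges are interleaved with legitimate infrastructure; the allowlist is where that review feeds back into the filter.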