Alongside international partners and led by the Cybersecurity and Infrastructure Security Agency (CISA), we have released Bulletproof defense: Mitigating risks from bulletproof hosting providers. This publication provides internet service providers (ISPs) and network defenders with recommendations to mitigate potential cybercriminal activity enabled by bulletproof hosting (BPH) providers.
A BPH provider is an internet infrastructure provider that intentionally markets and leases its infrastructure to cybercriminals.
Cybercriminals are increasingly using BPH infrastructure to support cyber attacks against critical infrastructure, financial institutions and other high-value targets, making BPH providers significant facilitators of risk to the resilience and safety of our critical systems and services.
Because BPH infrastructure is integrated into legitimate internet infrastructure systems, actions from ISPs or network defenders to block BPH infrastructure may impact legitimate activity. Therefore, a carefully considered and tailored approach to mitigations is required.
Read the full publication for mitigation recommendations, which include dynamically filtering Autonomous System Numbers, subnets, or individual IP addresses to reduce the risk of compromise from BPH provider-enabled activity. Apply the recommendations only after weighing the associated risks and monitoring to ensure actions taken do not unduly impact legitimate infrastructure.