(TLP:CLEAR) CISA Report – Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers
Created: Thursday, November 20, 2025 - 17:31
Categories: Cybersecurity, Security Preparedness
Summary: Yesterday, CISA, in collaboration with U.S. and international partners, released a report, “Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers.” The guide offers internet service providers (ISPs) and network defenders an overview of this cybercriminal activity, along with key steps, best practices, and resources to protect their customers and their networks.
Analyst Note: According to the report, cybercriminal actors are increasingly using bulletproof hosting (BPH) infrastructure to support cyber attacks against critical infrastructure and other high-value targets. BPH providers market their infrastructure as “bulletproof” to cybercriminals because they engage in good faith neither with legal processes nor with third-party or victim complaints of malicious activity enabled from such infrastructure.
Threat actors leverage BPH infrastructure for obfuscation via fast flux techniques, command and control, malware delivery, phishing, and hosting illicit content in support of a variety of malicious cyber activities, such as ransomware, data extortion, and denial of service (DoS) attacks.
To reduce cyber risk, network defenders and ISPs are encouraged to apply the mitigations recommended in this guide. These include conducting traffic analysis, curating a list of “high confidence” malicious internet resources, and performing automated and regular reviews of the malicious internet resources list.
Visit StopRansomware.gov to learn more about other ransomware threats and access no-cost tools and resources offered by CISA, FBI, and other U.S. government partners.
Original Source: https://www.cisa.gov/news-events/alerts/2025/11/19/cisa-releases-guide-mitigate-risks-bulletproof-hosting-providers
Additional Reading:
Related WaterISAC PIRs: 6, 8, 12
