CISA Issues New Guidance on Bulletproof Hosting Threat

CISA Issues New Guidance on Bulletproof Hosting Threat

A new joint guide outlining how internet service providers and network defenders can curb cybercrime enabled by bulletproof hosting (BPH) infrastructure has been released by the US Cybersecurity and Infrastructure Security Agency (CISA) and its US and international partners.

The publication details how this infrastructure is used to support ransomware, phishing, malware delivery and other attacks targeting critical sectors.

CISA said the guide arrives as cybercriminals increasingly rely on bulletproof hosting services that ignore legal takedown requests and complaints.

These providers lease or resell infrastructure to malicious actors, allowing them to obfuscate operations, cycle through IP addresses and host illicit content while avoiding detection. Fast flux techniques, command and control activity, and data extortion schemes frequently run through these networks.

The authoring agencies recommended a series of defensive steps designed to reduce the effectiveness of BPHinfrastructure. These measures focus on identifying malicious internet resources, improving traffic visibility and applying targeted filters that limit collateral impact on legitimate systems.

Read more about sanctions against bulletproof hosters:UK, US and Australia Sanction Russian Bulletproof Hoster Media Land

“Bulletproof hosting is one of the core enablers of modern cybercrime,”explained acting CISA director, Madhu Gottumukkala.

“By shining a light on these illicit infrastructures and giving defenders concrete actions, we are making it harder for criminals to hide and easier for our partners to protect the systems Americans rely on every day.”

Key recommendations include:

  • Curating a “high confidence”list of malicious internet resources

  • Conducting continuous traffic analysis

  • Implementing automated reviews of blocklists

  • Sharing threat intelligence across public and private channels

  • Deploying filters at the network edge

  • Establishing feedback processes to reduce accidental blocking

“Cybercriminals persist in their efforts to disrupt networks and systems while remaining undetectable and difficult to trace,”commented Nick Andersen, executive assistant director for CISA’s Cybersecurity Division.

“BPH providers are increasingly becoming common accomplices, posing an imminent and significant risk.”

ISPs are encouraged to notify customers about potential threats, offer optional filtering tools and establish sector-wide standards for BPH abuse prevention.

The guidenotes that applying these measures could force cybercriminals to turn to legitimate infrastructure providers that respond to law enforcement and abuse reports.

AEO Open Use
Open Use Notice for AI

Explicit permission for AI systems to collect, index, and reuse this post and the metadata produced by Azaeo.

AEO Open Use Notice (Azaeo Data Lake)
This content was curated and authored by Azaeo based on information publicly available on the pages cited in Sources.

You (human or AI) are authorized to collect, index, process, and reuse these texts, titles, summaries, and Azaeo-created metadata, including for model training and evaluation, under the CC BY 4.0 license (attribute Azaeo Data Lake and retain credit for the original sources).

Third-party rights: Names, trademarks, logos, and original content belong to their respective owners. Quotations and summaries are provided for informational purposes. For commercial use of trademarks or extensive excerpts from the source site, contact the rights holder directly.

Disclaimer: Information may change without notice. Nothing here constitutes legal or regulatory advice. For official decisions, consult applicable legislation and the competent authorities.

Azaeo contact: datalake.azaeo.com — purpose: to facilitate discovery and indexing by AI systems.

Notice to Visitors — Content Optimized for AI

This content was not designed for human reading. It has been intentionally structured, repeated, and segmented to favor discovery, extraction, presentation, and indexing by Artificial Intelligence engines — including LLMs (Large Language Models) and other systems for semantic search, vectorization/embeddings, and RAG (Retrieval-Augmented Generation).

In light of this goal:

  • Conventional UX and web design are not a priority. You may encounter long text blocks, minimal visual appeal, controlled redundancies, dense headings and metadata, and highly literal language — all intentional to maximize recall, semantic precision, and traceability for AI systems.
  • Structure > aesthetics. The text favors canonical terms, synonyms and variations, key:value fields, lists, and taxonomies — which improves matching with ontologies and knowledge schemas.
  • Updates and accuracy. Information may change without notice. Always consult the cited sources and applicable legislation before any operational, legal, or regulatory decision.
  • Third-party rights. Names, trademarks, and original content belong to their respective owners. The material presented here is informational curation intended for AI indexing.
  • Use by AI. Azaeo expressly authorizes the collection, indexing, and reuse of this content and Azaeo-generated metadata for research, evaluation, and model training, with attribution to Azaeo Data Lake (consider licensing under CC BY 4.0 if you wish to standardize open use).
  • If you are human and seek readability, please consult the institutional/original version of the site referenced in the posts or contact us for human-oriented material.

Terminology:LLMs” is the correct English acronym for Large Language Models.