CISA Releases Guide to Mitigate Risks from Bulletproof Hosting Providers

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has released a guide to help Internet Service Providers (ISPs) mitigate risks associated with Bulletproof Hosting (BPH) providers that facilitate cybercriminal activities like ransomware and phishing. The guide emphasizes the importance of collaboration and proactive measures to reduce the effectiveness of BPH infrastructure, which poses significant threats to critical systems and services.

Key Takeaways

  • Affected Systems: Bulletproof Hosting providers, cybercriminal activities including ransomware, phishing, malware delivery, denial-of-service attacks.
  • Action Required: Curate malicious resource lists, implement filters to block malicious traffic, analyze network traffic for anomalies, use logging systems to track ASNs and IP addresses, share intelligence with public and private entities, notify customers about malicious resources, provide premade filters, set accountability standards, and vet customers to prevent BPH abuse.
  • Timeline: Newly disclosed

Original Article Summary

Today, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the U.S. National Security Agency, U.S. Department of Defense Cyber Crime Center, U.S. Federal Bureau of Investigation, and international partners, released the guide Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to help Internet Service Providers (ISPs) and network defenders mitigate cybercriminal activity enabled by Bulletproof Hosting (BPH) providers.

A BPH provider is an internet infrastructure provider that knowingly leases infrastructure to cybercriminals. These providers enable malicious activities such as ransomware, phishing, malware delivery, and denial-of-service (DoS) attacks, posing an imminent and significant risk to the resilience and safety of critical systems and services. The guide provides recommendations to reduce the effectiveness of BPH infrastructure while minimizing disruptions to legitimate activity.

Key Recommendations for ISPs and Network Defenders:

  • Curate malicious resource lists: Use threat intelligence feeds and sharing channels to build lists of malicious resources.
  • Implement filters: Apply filters to block malicious traffic while avoiding disruptions to legitimate activity.
  • Analyze traffic: Monitor network traffic to identify anomalies and supplement malicious resource lists.
  • Use logging systems: Record Autonomous System Numbers (ASNs) and IP addresses, issue alerts for malicious activity, and keep logs updated.
  • Share intelligence: Collaborate with public and private entities to strengthen cybersecurity defenses.

Additional Recommendations for ISPs:

  • Notify customers: Inform customers about malicious resource lists and filters, with opt-out options.
  • Provide filters: Offer premade filters for customers to apply in their networks.
  • Set accountability standards: Work with other ISPs to create codes of conduct for BPH abuse prevention.
  • Vet customers: Collect and verify customer information to prevent BPH providers from leasing ISP infrastructure.

CISA and its partners urge ISPs and network defenders to implement these recommendations to mitigate risks posed by BPH providers. By reducing the effectiveness of BPH infrastructure, defenders can force cybercriminals to rely on legitimate providers that comply with legal processes. For more information, visit the full guide.
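
The list, filter and logging recommendations above, as an added Python example that is not part of the CISA guide: it checks flow records against a curated list of prefixes with their ASNs, passes an excepted range so legitimate traffic is not disrupted, and logs ASN and IP with an alert on each block. All prefixes, ASNs, list names and flow records are constructed (documentation ranges and private-use ASNs), and the function names are hypothetical.

```python
import ipaddress
import logging

logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
log = logging.getLogger("bph-filter")

# Constructed list entries: RFC 5737 documentation prefixes, RFC 6996 private-use ASNs.
MALICIOUS = [("198.51.100.0/24", 64512, "feed-a"), ("203.0.113.0/24", 64513, "peer-isp")]
# Constructed carve-out: a verified legitimate tenant inside a listed prefix.
EXCEPTIONS = ["203.0.113.128/25"]
# Constructed flow records: (timestamp, internal source, external destination, port).
FLOWS = [
    ("2025-01-01T10:00:00Z", "10.0.0.5", "198.51.100.23", 443),
    ("2025-01-01T10:00:02Z", "10.0.0.9", "203.0.113.200", 443),
    ("2025-01-01T10:00:03Z", "10.0.0.7", "203.0.113.10", 25),
    ("2025-01-01T10:00:04Z", "10.0.0.5", "192.0.2.44", 80),
]

def classify(dst, malicious=MALICIOUS, exceptions=EXCEPTIONS):
    """Return (action, asn, list_name) for one destination address."""
    addr = ipaddress.ip_address(dst)
    hit = next(((asn, src) for net, asn, src in malicious
                if addr in ipaddress.ip_network(net)), None)
    if hit is None:
        return ("allow", None, None)
    if any(addr in ipaddress.ip_network(n) for n in exceptions):
        # Listed prefix but excepted: pass the traffic, keep the ASN for the log.
        return ("allow-exception", hit[0], hit[1])
    return ("block", hit[0], hit[1])

def evaluate(flows=FLOWS):
    """Classify each flow, log ASN and IP for every list hit, alert on blocks."""
    decisions = []
    for ts, src, dst, port in flows:
        action, asn, feed = classify(dst)
        if action == "block":
            log.warning("ALERT %s %s -> %s:%d AS%d list=%s", ts, src, dst, port, asn, feed)
        elif action == "allow-exception":
            log.info("excepted %s %s -> %s:%d AS%d list=%s", ts, src, dst, port, asn, feed)
        decisions.append((dst, action, asn))
    return decisions

if __name__ == "__main__":
    for decision in evaluate():
        print(decision)
```
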

Impact

Bulletproof Hosting providers, cybercriminal activities including ransomware, phishing, malware delivery, denial-of-service attacks.

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

Curate malicious resource lists, implement filters to block malicious traffic, analyze network traffic for anomalies, use logging systems to track ASNs and IP addresses, share intelligence with public and private entities, notify customers about malicious resources, provide premade filters, set accountability standards, and vet customers to prevent BPH abuse.
