The Canadian Centre for Cyber Security (Cyber Centre) has joined the United States’ Cybersecurity and Infrastructure Security Agency (CISA), and the following international partners in releasing cyber security guidance on mitigating risks from bulletproof hosting (BPH) providers:
- Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC)
- Netherlands’ National Cyber Security Centre (NCSC-NL)
- New Zealand’s National Cyber Security Centre (NCSC-NZ)
- United Kingdom’s National Cyber Security Centre (NCSC-UK)
- United States’ Department of Defense Cyber Crime Center (DC3)
- United States’ Federal Bureau of Investigation (FBI)
- United States’ National Security Agency (NSA)
A BPH provider is an Internet infrastructure supplier that intentionally markets and leases its infrastructure to threat actors. BPH providers pose a significant risk to the resilience and safety of critical systems and services.
This joint guidance provides recommendations to Internet service providers (ISPs) and network defenders to mitigate potential cybercriminal activity enabled by BPH providers. By applying these mitigations, ISPs and network defenders can help reduce the effectiveness of BPH infrastructures and potentially force threat actors to use legitimate infrastructure providers instead.
Read the full joint publication: Bulletproof defense: Mitigating risks from bulletproof hosting providers