Joint guidance on mitigating risks from bulletproof hosting providers – Canadian Centre for Cyber Security

Summary

The Canadian Centre for Cyber Security, together with CISA and international partners (ASD/ACSC, NCSC-NL, NCSC-NZ, NCSC-UK, DC3, FBI and NSA), has published joint guidance to help Internet service providers (ISPs) and network defenders mitigate risks posed by bulletproof hosting (BPH) providers.

A BPH provider deliberately markets hosting and network infrastructure to cybercriminals and threat actors. The guidance sets out practical mitigations ISPs and defenders can apply to reduce the effectiveness of BPH infrastructure and push malicious actors towards legitimate providers, where they are more likely to be detected and disrupted.

Key Points

  • Definition: Bulletproof hosting (BPH) providers knowingly lease infrastructure to threat actors to support malicious activity.
  • Joint authorship: The guidance is a multinational effort led by the Canadian Centre for Cyber Security and CISA, with multiple allied partners and US law enforcement and intelligence agencies.
  • Target audience: Primarily ISPs and network defenders, but relevant to CERTs, SOCs and infrastructure owners.
  • Practical mitigations: Recommendations cover detection, takedown support, customer vetting, logging, traffic analysis, and collaboration with law enforcement.
  • Objective: Reduce BPH resilience and force threat actors to use legitimate providers, increasing chances of disruption and enforcement.
  • Full text: The complete publication is available from CISA: “Bulletproof defense: Mitigating risks from bulletproof hosting providers.”

Why should I read this?

If you run networks, manage hosting or work in security operations, this is worth five minutes of your time — it gives clear, actionable steps you can apply now to make life harder for cybercriminals. The joint nature of the guidance means it carries weight: it’s not just one agency’s view but a coordinated approach from several national defenders and law enforcement bodies.

Context and relevance

Bulletproof hosting underpins a lot of persistent cybercrime: phishing kits, botnets, ransomware infrastructure, and illicit marketplaces. That makes the guidance important for the resilience of critical services and for internet stability. As regulators and enforcement agencies increase pressure on illicit hosting, ISPs and defenders who adopt these mitigations will help break criminal infrastructure and reduce downstream harm to organisations and citizens.

Source

Source: https://cyber.gc.ca/en/news-events/joint-guidance-mitigating-risks-bulletproof-hosting-providers
