Bulletproof hosting (BPH) has emerged as a crucial infrastructure service in cybercrime. It lets cybercriminals distribute malware from multiple locations, exploiting lenient jurisdictions and offering services for any kind of activity, including illegal ones [1] [2]. BPH providers rely on intricate technical arrangements, such as purchasing IP address ranges from other bulletproof providers and routing malicious traffic through proxy and gateway servers [2], which make takedowns and abuse reports difficult. Some BPH providers even permit low-level illegal activities to evade law enforcement [1]. Notable BPH providers associated with malicious activity include the yalishanda threat actor, Perfect Quality Hosting [1], and ccweb [1]. Blocking BPH providers is an effective strategy against cybercrime, enabling security teams to proactively stay ahead of criminal operators and prevent cyber threats [1]. Although BPH providers frequently change their autonomous system and IP address ranges [2], their services can still be tracked for real-time intelligence [2]. By targeting and blocking BPH providers [2], malicious activity can be halted early in the kill chain.

Description

Bulletproof hosting (BPH) has become a critical infrastructure service in cybercrime [1] [2], allowing cybercriminals to send malware from various locations. BPH providers operate in lenient jurisdictions and offer services for all types of activity [1], including illegal ones [1]. They use complex technical arrangements [1] [2], such as buying IP address ranges from other bulletproof providers and routing malicious traffic through proxy and gateway servers [2], to frustrate takedowns and abuse requests [1] [2]. Some BPH providers allow low-level illegal activities to avoid law enforcement action [1]. Notable BPH providers associated with malicious activity include the yalishanda threat actor, Perfect Quality Hosting [1], and ccweb [1]. Blocking BPH providers is an effective way to fight cybercrime [1], as it allows security teams to stay ahead of criminal operators and prevent cyber threats [1]. BPH providers consistently change their autonomous system and IP address ranges [2], but their services can still be tracked for real-time intelligence [2]. Targeting and blocking BPH providers can halt malicious activity early in the kill chain [2].
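The blocking and tracking described above comes down to two routine tasks for a security team: matching observed traffic against the prefixes and autonomous systems currently attributed to a BPH provider, and noticing when a refreshed intelligence feed shows the provider has moved to new ranges. The following Python script is an added example, not code from the original page or from either cited source. Its blocklist uses RFC 5737 documentation prefixes and private-use ASNs as constructed placeholders, and the firewall log lines are constructed; a real deployment would load current prefixes from a threat-intelligence feed.

```python
import ipaddress
import re

# Constructed sample blocklist mapping ASN -> prefixes. These are RFC 5737
# documentation ranges and private-use ASNs standing in for BPH-associated
# infrastructure; a real deployment loads the live list from a threat-intel feed.
BPH_BLOCKLIST = {
    "AS64496": ["198.51.100.0/24", "203.0.113.0/24"],
    "AS64497": ["192.0.2.0/24"],
}

# Constructed firewall log lines in a simple key=value format.
SAMPLE_LOG = """\
2024-01-24T10:00:01Z src=10.0.0.5 dst=198.51.100.23 dport=443 action=allow
2024-01-24T10:00:02Z src=10.0.0.7 dst=100.64.0.10 dport=443 action=allow
2024-01-24T10:00:03Z src=10.0.0.9 dst=192.0.2.77 dport=8080 action=allow
2024-01-24T10:00:04Z src=10.0.0.5 dst=203.0.113.200 dport=80 action=allow
"""

DST_RE = re.compile(r"\bdst=(\S+)")


def compile_blocklist(blocklist):
    """Turn the ASN -> prefix mapping into (network, asn) pairs for matching."""
    compiled = []
    for asn, prefixes in blocklist.items():
        for prefix in prefixes:
            compiled.append((ipaddress.ip_network(prefix, strict=False), asn))
    return compiled


def match_ip(ip_str, compiled):
    """Return the ASN whose prefix contains ip_str, or None if it is unlisted."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return None  # not an IP literal (e.g. a hostname); nothing to match
    for network, asn in compiled:
        if ip in network:
            return asn
    return None


def scan_log(log_text, compiled):
    """Flag every log line whose destination falls inside a blocklisted prefix."""
    hits = []
    for line in log_text.splitlines():
        m = DST_RE.search(line)
        if not m:
            continue
        asn = match_ip(m.group(1), compiled)
        if asn is not None:
            hits.append((m.group(1), asn, line))
    return hits


def diff_blocklist(old, new):
    """Compare two feed snapshots and report (added, removed) prefixes, so
    analysts see when a provider shifts its ranges and can re-block."""
    old_set = {(asn, p) for asn, ps in old.items() for p in ps}
    new_set = {(asn, p) for asn, ps in new.items() for p in ps}
    return sorted(new_set - old_set), sorted(old_set - new_set)


if __name__ == "__main__":
    compiled = compile_blocklist(BPH_BLOCKLIST)
    for ip, asn, line in scan_log(SAMPLE_LOG, compiled):
        print(f"BLOCK {ip} ({asn}): {line}")
    # Constructed refreshed feed in which one provider moved to a new prefix.
    refreshed = {
        "AS64496": ["198.51.100.0/24", "203.0.113.128/25"],
        "AS64497": ["192.0.2.0/24"],
    }
    added, removed = diff_blocklist(BPH_BLOCKLIST, refreshed)
    print("added:", added, "removed:", removed)
```

Matching is a linear scan over a short list, which is adequate for a few hundred prefixes; a production sensor would use a radix tree or push the prefixes into the firewall as objects instead. The `diff_blocklist` step is what keeps the block current when a provider re-homes its ranges.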

Conclusion

Blocking BPH providers has a significant impact on combating cybercrime. It enables security teams to proactively stay ahead of criminal operators and prevent cyber threats [1]. By disrupting the infrastructure that facilitates illegal activities, the spread of malware and other malicious activity can be mitigated. BPH providers are constantly evolving, however, frequently changing their autonomous system and IP address ranges [2]. Despite this, their services can still be tracked for real-time intelligence [2]. As the fight against cybercrime continues, targeting and blocking BPH providers remains a crucial strategy for halting malicious activity early in the kill chain.

References

[1] https://flyytech.com/2024/01/24/why-bulletproof-hosting-is-key-to-cybercrime-as-a-service/
[2] https://www.infosecurity-magazine.com/news/why-bulletproof-hosting-key-caas/