The Australian Cyber Security Centre (ACSC) is actively targeting Bulletproof Hosting Providers (BPH) to disrupt cybercrime networks. BPH services are crucial to cybercriminals, providing the infrastructure needed to conduct malicious operations while avoiding detection. These services are integral to the Cybercrime-as-a-Service (CaaS) ecosystem, enabling attacks ranging from ransomware campaigns to data theft and phishing scams.
The ACSC has issued a detailed warning regarding BPH. What sets them apart is their blatant disregard for legal requests to shut down services, as they refuse to comply with takedown orders or abuse complaints from victims or law enforcement. The Australian government’s efforts highlight the increasing difficulty for cybercriminals to maintain secure, resilient, and hidden infrastructures.
BPH providers lease virtual or physical infrastructure to cybercriminals. This allows them to run their operations. These services often include leasing IP addresses and servers that obscure the true identities of their customers. Many BPH providers achieve this by utilizing complex network switching methods, making it difficult to trace activity back to its source.