1. Introduction
Black Cell’s mission is to stay ahead of cybercriminals, particularly those targeting blockchain and cryptocurrency ecosystems. These sectors face unique adversarial tactics due to their decentralized nature and high-value assets. To provide precise, actionable recommendations, it’s crucial to analyze both your infrastructure and the tactics, techniques, and procedures (TTPs) employed against other organizations in the blockchain space. By mapping these TTPs to the MITRE ATT&CK framework, we deliver a heatmap highlighting the most significant threats to your environment.
2. Sector-Specific Analysis of Adversary TTPs
Effective threat intelligence hinges on its capacity to preempt attacks with robust mitigations. Using frameworks like David Bianco’s Pyramid of Pain, we focus on detecting and mitigating adversarial TTPs rather than just tools, forcing attackers to adapt their methods. This approach ensures you receive insights to prioritize efforts that disrupt adversaries targeting blockchain environments.
2.1. Methodology
Our analysis aggregates data from diverse, high-quality sources relevant to blockchain and cryptocurrency, using techniques such as:
- OSINT with Google Dorking for public insights.
- Deep web searches using SearX and CTI platforms to access data from TOR, I2P, and other sources.
- Incident mapping to identify tools, malware, and TTPs utilized in sector-specific cyberattacks.
This research also identifies threat actors such as APTs and cybercriminal groups operating within the blockchain space. Their profiles include tools, malware, and exploitation methods, mapped to the ATT&CK framework. Additionally, we examine security gaps that led to previous successful attacks, applying these lessons to assess your vulnerabilities.
Steps of the Methodology:
- Identify major cyber incidents targeting blockchain/cryptocurrency.
- Collect data about attack vectors, tools, and methods used.
- Map findings to the MITRE ATT&CK framework.
- Build profiles of relevant threat actors.
- Assess and map security gaps to ATT&CK techniques.
Scoring and Heatmap Generation
Each threat is evaluated on:
- Impact (1–5): From minor disruptions to risks to systemic financial stability.
- Evasion (1–5): From basic signature-detection evasion to advanced techniques.
- Complexity (1–5): From script kiddies to adversaries crafting custom malware.
- Success (1–5): Level of historical execution success.
- Accuracy Multiplier: Reflecting confidence in data validity.
These scores are normalized (1–7) to prioritize critical threats and displayed on a heatmap to focus on the most severe risks in blockchain and cryptocurrency security.
Below you can find the MITRE ATT&CK heatmap of the Cryptocurrency sector. Red techniques indicate critical threats to this sector, while green techniques are less severe.
(For full size view open the image in a new tab or save image.)
Author
Tibor Luter
FUSION CENTER MANAGER
Related Posts
Tool spotlight: YARA
In today's blog post, we will be going over a tool that is a must-have in every security analyst's...
Travel Secure: Essential Cyber Tips for Your Journey
Stay Cyber-Safe While Traveling! Your cybersecurity shouldn't take a vacation when you do. Check...