1. Introduction

Black Cell’s mission is to stay ahead of cybercriminals, particularly those targeting blockchain and cryptocurrency ecosystems. These sectors face unique adversarial tactics due to their decentralized nature and high-value assets. To provide precise, actionable recommendations, it’s crucial to analyze both your infrastructure and the tactics, techniques, and procedures (TTPs) employed against other organizations in the blockchain space. By mapping these TTPs to the MITRE ATT&CK framework, we deliver a heatmap highlighting the most significant threats to your environment.

2. Sector-Specific Analysis of Adversary TTPs

Effective threat intelligence hinges on its capacity to preempt attacks with robust mitigations. Using frameworks like David Bianco’s Pyramid of Pain, we focus on detecting and mitigating adversarial TTPs rather than just tools, forcing attackers to adapt their methods. This approach ensures you receive insights to prioritize efforts that disrupt adversaries targeting blockchain environments.

2.1. Methodology

Our analysis aggregates data from diverse, high-quality sources relevant to blockchain and cryptocurrency, using techniques such as:

  • OSINT with Google Dorking for public insights.
  • Deep web searches using SearX and CTI platforms to access data from TOR, I2P, and other sources.
  • Incident mapping to identify tools, malware, and TTPs utilized in sector-specific cyberattacks.

This research also identifies threat actors such as APTs and cybercriminal groups operating within the blockchain space. Their profiles include tools, malware, and exploitation methods, mapped to the ATT&CK framework. Additionally, we examine security gaps that led to previous successful attacks, applying these lessons to assess your vulnerabilities.

Steps of the Methodology:

  1. Identify major cyber incidents targeting blockchain/cryptocurrency.
  2. Collect data about attack vectors, tools, and methods used.
  3. Map findings to the MITRE ATT&CK framework.
  4. Build profiles of relevant threat actors.
  5. Assess and map security gaps to ATT&CK techniques.

Scoring and Heatmap Generation

Each threat is evaluated on:

  • Impact (1–5): From minor disruptions up to risks to systemic financial stability.
  • Evasion (1–5): From basic signature-detection evasion to advanced techniques.
  • Complexity (1–5): From script kiddies to adversaries crafting custom malware.
  • Success (1–5): Level of historical execution success.
  • Accuracy Multiplier: Reflecting confidence in data validity.

These scores are normalized (1–7) to prioritize critical threats and displayed on a heatmap to focus on the most severe risks in blockchain and cryptocurrency security.
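As an added example, not Black Cell's own code, the scoring and heatmap step above implemented as an ATT&CK Navigator layer: the four 1–5 ratings and the accuracy multiplier are folded into a 1–7 score and emitted with a green-to-red gradient. The post gives the inputs and the output range but not its combination formula, so the averaging and rescaling rule, the Navigator version strings and the sample ratings are all assumptions.

```python
import json

DIMENSIONS = ("impact", "evasion", "complexity", "success")

def normalize_score(impact, evasion, complexity, success, accuracy=1.0):
    """Fold four 1-5 ratings and an accuracy multiplier into one 1-7 score.

    The combination rule is an assumption: the post only states the inputs
    and the 1-7 output range, not how they are combined.
    """
    for value in (impact, evasion, complexity, success):
        if not 1 <= value <= 5:
            raise ValueError("each dimension must be rated 1..5")
    if not 0.0 < accuracy <= 1.0:
        raise ValueError("accuracy multiplier must be in (0, 1]")
    raw = (impact + evasion + complexity + success) / 4   # still on the 1..5 scale
    scaled = 1 + (raw - 1) * 6 / 4                        # linear rescale to 1..7
    # Low-confidence evidence pulls the score toward the floor, never below it.
    return 1 + (scaled - 1) * accuracy

def build_navigator_layer(assessments, name="Cryptocurrency sector heatmap"):
    """Emit an ATT&CK Navigator layer: green for low scores, red for high."""
    techniques = [
        {"techniqueID": tid, "score": normalize_score(**dims),
         "comment": "inputs: " + ", ".join(f"{k}={dims[k]}" for k in DIMENSIONS)}
        for tid, dims in assessments.items()
    ]
    techniques.sort(key=lambda t: t["score"], reverse=True)
    return {
        "name": name,
        "domain": "enterprise-attack",
        # Version strings are an assumption; match them to your Navigator build.
        "versions": {"layer": "4.5", "navigator": "4.9", "attack": "14"},
        "gradient": {"colors": ["#8ec843", "#ffe766", "#ff6666"],
                     "minValue": 1, "maxValue": 7},
        "techniques": techniques,
    }

# Constructed sample ratings for three well-known techniques (not the post's data).
SAMPLE_ASSESSMENTS = {
    "T1566": dict(impact=4, evasion=3, complexity=2, success=5, accuracy=1.0),  # Phishing
    "T1195": dict(impact=5, evasion=4, complexity=5, success=4, accuracy=0.8),  # Supply Chain Compromise
    "T1078": dict(impact=3, evasion=2, complexity=1, success=3, accuracy=0.6),  # Valid Accounts
}

if __name__ == "__main__":
    # Save the output as a .json file and open it in ATT&CK Navigator to render the heatmap.
    print(json.dumps(build_navigator_layer(SAMPLE_ASSESSMENTS), indent=2))
```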

Below you can find the MITRE ATT&CK heatmap of the Cryptocurrency sector. Red techniques indicate critical threats to this sector, while green techniques are less severe.

Author

Tibor Luter

FUSION CENTER MANAGER
