TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Black Hills InfoSec

Light at the End of the Dark Web

BHIS · 2025-03-03

ATT&CK techniques detected

30 predictions
T1486 Data Encrypted for Impact
98%
"t get errors when executing these tools, potentially ruining your own red team operation. and during that time, while performing some purple team engagements, which are collaborative projects between hackers and defenders, i was given some direct ttps from a very expensive threat…"
T1486 Data Encrypted for Impact
98%
"is has the price of ransomware changed, according to the price of eggs. deb wigley too soon? joseph so, so i’ve been, i’ve been privy to a few, to a few ransomware incidents. and you have the big ones where a big supply chain attack happened and yeah, supply chain attack and …"
T1486 Data Encrypted for Impact
97%
"security standards for critical industries and smbs. ross crackdown. actively target and dismantle ross infrastructure and forums facilitating cybercrime. joseph what has been your most challenging experience in defending against ransomware? and what did you learn from it? ai joh…"
T1486 Data Encrypted for Impact
96%
"##zy, like a bar fight where nobody told me which side i was on. it started with the company’s entire system locking up faster than a bad carburetor on a rainy day. turned out they’d been hit with ransomware. and not the cheap kind either. it was the high end stuff. i rolled …"
T1486 Data Encrypted for Impact
96%
"paid out $40 million to a ransomware group believed to be linked to the criminal group evil corp, using a, variant of the hades ransomware called phoenix. this ransomware appeared to be a browser update. cna employees were locked out of the network for approximately two weeks, s…"
T1486 Data Encrypted for Impact
96%
"by itself. you can even buy access to a network to perform malicious actions from the context of an employee, potentially even an employee with privileges. now, you might be wondering, where did ransomware originate? well, back in the late 1980s, a trojan horse called aids would …"
T1486 Data Encrypted for Impact
95%
", the spring hill medical center in mobile, alabama was affected by a ransom ransomware. this attack caused business disruptions and as a result the newborn baby suffered severe brain injuries and died shortly after. and this was due to monitoring equipment being inoperable durin…"
T1486 Data Encrypted for Impact
94%
"ransomware and threat actors? ai john wayne just as the duke stood for protecting the vulnerable and standing tall in the face of adversity. i’m motivated by the knowledge that every effort to outsmart ransomware threats, threat actors protects individuals, organizations and co…"
T1486 Data Encrypted for Impact
93%
"ransomware folks aren’t just locking you out of your own files anymore. they’re stealing your data and threatening to spill your secrets if you don’t pay up. and if that’s not enough, they’ve started targeting your customers or partners too, adding even more pressure to…"
T1486 Data Encrypted for Impact
93%
"it also does not guarantee that an attacker won’t create and maintain some type of persistence to compromise you in the future or even just sell access to your environment to another ransomware group. access as a service is a real thing. and finally, paying a ransom, it does fu…"
T1486 Data Encrypted for Impact
93%
"would assume that if you were to purchase like, access as a service or, you were able to find some kind of breach credentials and get in somewhere and you bought some ransomware. so you’re kind of a hodgepodge, ad hoc ransomware group. if you want a couple of buddies, you’ll …"
T1486 Data Encrypted for Impact
86%
"that is a really good question. let’s see here. is this in discord kelly? kelli tarala no, this actually is in the q a in zoom. joseph okay. kelli tarala there’s looking at it came in about 144. joseph okay, let me see here. so i, i have kind of seen that, the, the price of r…"
T1486 Data Encrypted for Impact
83%
". 4 million. this did cause some fuel shortages on the east coast, but luckily half of this ransom paid was actually recovered. how the fbi recovered the bitcoin is unknown. the interesting thing about this is the fbi just had a private key to a bitcoin wallet with this money in …"
T1486 Data Encrypted for Impact
77%
"solicit access to organizations on underground forums. implement multi factor authentication for all critical systems. regularly patch and update software to address vulnerabilities. use network segmentation to limit lateral movement. monitor for unusual activity with endpoint de…"
T1486 Data Encrypted for Impact
76%
"invest in cybersecurity. implement robust tools like edr, siem, and firewall protections. ensure regular cybersecurity training for employees. backup and recovery. maintain frequent immutable backups and test restoration processes. crisis communication. have a communication plan …"
T1486 Data Encrypted for Impact
72%
"so that users could get their data back. i truly feel like that is the cybersecurity community of today. helping others and sharing knowledge. now, in the 2020s, ransomware distribution is far more sophisticated. there are as many ways to execute malware as there are ways to make…"
T1090.002 External Proxy
64%
"everything is, yeah, everything in canva, some ai, for the, faces and the voices and all that kind of stuff. and just, a lot of research is very cool. deb wigley very cool. we have one question. isn’t the dark web still all tcp ip? so how does it require tor? joseph so basicall…"
T1657 Financial Theft
61%
"paid out $40 million to a ransomware group believed to be linked to the criminal group evil corp, using a, variant of the hades ransomware called phoenix. this ransomware appeared to be a browser update. cna employees were locked out of the network for approximately two weeks, s…"
T1486 Data Encrypted for Impact
57%
"that would be a really easy way to get caught. deb wigley seems a little short sighted. joseph yeah, yeah, yeah. deb wigley yes. i, think we got them all. you can keep asking, answering questions or asking questions in the discord and in zoom, and we’ll kind of wrap it up with …"
T1486 Data Encrypted for Impact
57%
"address cybersecurity gaps, nothing concrete. now let me give a shameless plug and some guidance on how to address certain cybersecurity gaps. watch bhis content. companies that follow our guidance and get pen tests make life so hard for pen testers and red teamers. it might not …"
T1585.002 Email Accounts
50%
"ransomware and threat actors? ai john wayne just as the duke stood for protecting the vulnerable and standing tall in the face of adversity. i’m motivated by the knowledge that every effort to outsmart ransomware threats, threat actors protects individuals, organizations and co…"
T1589.001 Credentials
45%
", you don’t want to pay for a service or anything like that, like a pen test or anything. there’s i would suggest exploring it yourself, figure figuring out a risk model for accessing tor and doing the research yourself. so looking through forums and other things of that natu…"
T1657 Financial Theft
44%
". attackers often deploy ransomware opportunistically, using automated scans for vulnerabilities, meaning any organization with a weak point can be a target. joseph how do attackers typically gain initial access for ransomware deployment? and how can defenders close these gaps? a…"
T1657 Financial Theft
43%
"it also does not guarantee that an attacker won’t create and maintain some type of persistence to compromise you in the future or even just sell access to your environment to another ransomware group. access as a service is a real thing. and finally, paying a ransom, it does fu…"
T1090.002 External Proxy
42%
"had some serious security flaws. the navy wanted a version of their own internet that was anonymous in its earliest days. the pioneers of tor knew the network needed to be decentralized, meaning it should be controlled by many instead of one. in late 2002, the tor network was dep…"
T1657 Financial Theft
39%
". joseph did you direct that to kelly? deb wigley no, it was to everyone. kelly, you can answer it if you’d like. kelli tarala i don’t. i think that’s a joseph question. joseph yeah, okay. okay, so, so why is it that credit card provide. kelli tarala i have to go back and r…"
T1090.003 Multi-hop Proxy
35%
"had some serious security flaws. the navy wanted a version of their own internet that was anonymous in its earliest days. the pioneers of tor knew the network needed to be decentralized, meaning it should be controlled by many instead of one. in late 2002, the tor network was dep…"
T1589.001 Credentials
34%
"released in your poem. so in my opinion, the people that i know and my experiences and conversations, people that get cyber insurance actually in some cases do become more secure. ai john wayne let’s see. deb wigley how about any resources for blue teams that are trying to stay…"
T1486 Data Encrypted for Impact
33%
", you don’t want to pay for a service or anything like that, like a pen test or anything. there’s i would suggest exploring it yourself, figure figuring out a risk model for accessing tor and doing the research yourself. so looking through forums and other things of that natu…"
T1090.002 External Proxy
33%
"search engines, and it might require user and password, or it might even be restricted by where you are in the world. and finally, we have the dark web or the onion router. tor, similar to the deep web accepted, focuses primarily on anonymity. and in order to access it, you need …"

Summary

Join us for this one-hour Black Hills Information Security webcast with Joseph - Security Analyst, as he shares with you what he's discovered and learned about the Dark Web, so you never ever ever have to go there for yourself.

The post Light at the End of the Dark Web appeared first on Black Hills Information Security, Inc.