Combating Cyberattack Techniques with Dark Web Traffic Monitoring | Mitigation Guide

Download the report

Cybercriminals often use dark web networks such as The Onion Router (Tor) to obfuscate their activity through the multiple stages of a cyberattack.

However, this use of the dark web also creates an opportunity for cybersecurity professionals to identify cyberattacks at multiple stages. By continuously monitoring dark web traffic to and from their network, security teams can quickly establish a baseline of what is “normal”, to identify anomalies in traffic that may be an indicator of compromise.

Moreover, analysis of the traffic – whether it is going to or from the network, the frequency of the connection, the size of the data, and where in the network it is connecting to – can provide security teams with vital intelligence on exactly what techniques the adversary is using and what stage of the attack they are in, which is critical information for incident response.

In this Mitigation Guide we provide just five examples of tactics from the MITRE ATT&CK Enterprise Matrix that can be identified through dark web traffic monitoring, to demonstrate how this source of intelligence could be used to stop an adversary in their tracks at multiple stages of a cyberattack.

download the report for:

  • An overview of how dark web traffic fits into MITRE ATT&CK tactics including Reconnaissance (TA0043), Resource Development (TA0042), Persistence (TA0003), Command and Control (TA0011), and Exfiltration (TA0010).
  • Details of how criminal activity can be spotted at each of these stages, through analysis of dark web traffic.
  • Information on how each of the tactics can be combated with proper warning.