Light Dark
June 12, 2017 By Christian Falco 3 min read
Threat Intelligence
Advanced Threats
Malware

Last month, we celebrated the two-year anniversary of the IBM X-Force Exchange (XFE). During that week, the threat intelligence sharing platform reached a record spike in traffic as users flocked to the site to stay up to date on the recently exposed WannaCry ransomware.

10 Threat Intelligence Sharing Tips to Fight Cybercrime

As the X-Force team populated the WCry2 Ransomware Outbreak collection, it quickly became the highest-rated and most-followed collection in XFE history. With the wind behind our sails, it seems like the perfect time to share some of the platform’s top tips and tricks that even our 35,000 registered users might not know about.

1. Keep Up With Malware Trends and Tactics

Many organizations struggle to keep pace with the various versions of malware out in the wild, let alone the increasingly sophisticated tactics of their operators. It’s crucial to remain vigilant using the existing security systems and awareness programs you have in place to prevent malware from infecting your endpoints and network. This is a never-ending battle that requires you to push your vendors and staff to think differently about access and data protection. It’s also important to constantly assess the cybercrime landscape to stay one step ahead of threat actors’ evolving tactics. As Barkley pointed out in its “2017 Malware Trends Report,” today’s malware commonly infects victims directly via “clickless” methods and by abusing or exploiting legitimate systems.

2. Generate Collections Through Email

With curated threat intelligence, collections help streamline security investigations with information on campaigns, actors, and tactics, techniques and procedures (TTPs), and provide actionable recommendations from the X-Force research community. While you can manually build a collection in the platform, you can save time by using email. To auto-build your collection, navigate to Settings > Inbox, obtain your X-Force email address, and send an email to it.

3. Share Threat Intelligence With Your Social Networks

In light of the WannaCry ransomware attack, which reached thousands of companies across more than 100 countries, sharing threat intelligence outside your enterprise quickly is just as important as collaborating in your own security operations center (SOC). X-Force Exchange allows security teams to share pertinent threat intelligence on Twitter, Facebook and LinkedIn with just a click of the mouse. Look for the icons in all public collections.

4. Seamlessly Set Up the API

The IBM X-Force Exchange API delivers programmatic access to nearly 800 TB of threat intelligence data across IPs, URLs, vulnerabilities, malware and more. With the API, users can access XFE data from collections, obtain up-to-date information on indicators and integrate with other products to perform real-time actions. As a registered user, go to Settings > API Access to generate your API key, and test its functionality within the interactive Swagger API documentation.

5. Get Even More Access to Threat Intelligence

If nearly a petabyte of threat data isn’t enough, X-Force Exchange has enabled integrations with third-party feeds to expand threat intelligence through its Threat Feed Manager. With more curated knowledge, you can make better decisions even faster when it comes to your security investigation. Go to Settings > Integrations to expand your threat intelligence.

6. Build a Customized Watchlist

Keep up with relevant vulnerabilities on selected platforms with our Watchlist feature. Go to Settings > Watchlist to choose your specific enterprise technologies and receive alerts as soon as vulnerabilities are released, complete with pertinent information such as Common Vulnerability Scoring System (CVSS) scores, impacted product lists and references.

7. Get Notified on What’s Important

IBM X-Force Exchange enables notifications beyond just vulnerabilities. For a full menu of alerts on threat intelligence included in Advisories, Collections, Groups and Reports, go to Settings > Notifications. Select and deselect as you see fit to help augment your research workflow and sift through the noise.

8. Prioritize Your Intelligence With a Custom Layout

Want the botnet distribution card front and center? Don’t really care about groups? On the new dashboard, customize your layout with the gear icon. Promote, demote and drop cards as you wish depending on what helps you better research and investigate threats.

9. Help Relevant Collections Rise to the Top

Within each collection, there is a voting feature that allows you to like or dislike a specific collection. Bring awareness to the community with your opinion on the collected threat intelligence, and see the latest and greatest intelligence by going to the Public Collections menu and filtering by date and rating.

10. Validate the Source

XFE has global researchers dedicated to finding, curating and sharing actionable threat intelligence across more than 38 billion web pages, 860,000 IPs and 113,000 vulnerabilities. If you are curious about the source of any given collection, check the version history. IBM X-Force researchers have a blue shield next to their profile image.

Learn More

To explore more ways in which threat intelligence sharing can help your organization fight advanced attacks such as WannaCry, register for the free IBM X-Force Exchange.

 |  |  |  | 
Christian Falco
Product Manager, IBM

More from Threat Intelligence
November 12, 2024

Strela Stealer: Today’s invoice is tomorrow’s phish

12 min read - As of November 2024, IBM X-Force has tracked ongoing Hive0145 campaigns delivering Strela Stealer malware to victims throughout Europe - primarily Spain, Germany and Ukraine. The phishing emails used in these campaigns are real invoice notifications, which have been stolen through previously exfiltrated email credentials. Strela Stealer is designed to extract user credentials stored in Microsoft Outlook and Mozilla Thunderbird. During the past 18 months, the group tested various techniques to enhance its operation's effectiveness. Hive0145 is likely to be…

October 16, 2024

Hive0147 serving juicy Picanha with a side of Mekotio

17 min read - IBM X-Force tracks multiple threat actors operating within the flourishing Latin American (LATAM) threat landscape. X-Force has observed Hive0147 to be one of the most active threat groups operating in the region, targeting employee inboxes at scale, with a primary focus on phishing and malware distribution. After a 3-month break, Hive0147 returned in July with even larger campaign volumes, and the debut of a new malicious downloader X-Force named "Picanha,” likely under continued development, deploying the Mekotio banking trojan. Hive0147…

September 26, 2024

FYSA – Critical RCE Flaw in GNU-Linux Systems

2 min read - Summary The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service. Threat Topography Threat Type: Remote code execution vulnerability in CUPS service Industries Impacted: UNIX-based systems across various industries, including but not limited to, finance, healthcare,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature