Light Dark
June 12, 2017 By Christian Falco 3 min read
Threat Intelligence
Advanced Threats
Malware

Last month, we celebrated the two-year anniversary of the IBM X-Force Exchange (XFE). During that week, the threat intelligence sharing platform reached a record spike in traffic as users flocked to the site to stay up to date on the recently exposed WannaCry ransomware.

10 Threat Intelligence Sharing Tips to Fight Cybercrime

As the X-Force team populated the WCry2 Ransomware Outbreak collection, it quickly became the highest-rated and most-followed collection in XFE history. With the wind behind our sails, it seems like the perfect time to share some of the platform’s top tips and tricks that even our 35,000 registered users might not know about.

1. Keep Up With Malware Trends and Tactics

Many organizations struggle to keep pace with the various versions of malware out in the wild, let alone the increasingly sophisticated tactics of their operators. It’s crucial to remain vigilant using the existing security systems and awareness programs you have in place to prevent malware from infecting your endpoints and network. This is a never-ending battle that requires you to push your vendors and staff to think differently about access and data protection. It’s also important to constantly assess the cybercrime landscape to stay one step ahead of threat actors’ evolving tactics. As Barkley pointed out in its “2017 Malware Trends Report,” today’s malware commonly infects victims directly via “clickless” methods and by abusing or exploiting legitimate systems.

2. Generate Collections Through Email

With curated threat intelligence, collections help streamline security investigations with information on campaigns, actors, and tactics, techniques and procedures (TTPs), and provide actionable recommendations from the X-Force research community. While you can manually build a collection in the platform, you can save time by using email. To auto-build your collection, navigate to Settings > Inbox, obtain your X-Force email address, and send an email to it.

3. Share Threat Intelligence With Your Social Networks

In light of the WannaCry ransomware attack, which reached thousands of companies across more than 100 countries, sharing threat intelligence outside your enterprise quickly is just as important as collaborating in your own security operations center (SOC). X-Force Exchange allows security teams to share pertinent threat intelligence on Twitter, Facebook and LinkedIn with just a click of the mouse. Look for the icons in all public collections.

4. Seamlessly Set Up the API

The IBM X-Force Exchange API delivers programmatic access to nearly 800 TB of threat intelligence data across IPs, URLs, vulnerabilities, malware and more. With the API, users can access XFE data from collections, obtain up-to-date information on indicators and integrate with other products to perform real-time actions. As a registered user, go to Settings > API Access to generate your API key, and test its functionality within the interactive Swagger API documentation.

5. Get Even More Access to Threat Intelligence

If nearly a petabyte of threat data isn’t enough, X-Force Exchange has enabled integrations with third-party feeds to expand threat intelligence through its Threat Feed Manager. With more curated knowledge, you can make better decisions even faster when it comes to your security investigation. Go to Settings > Integrations to expand your threat intelligence.

6. Build a Customized Watchlist

Keep up with relevant vulnerabilities on selected platforms with our Watchlist feature. Go to Settings > Watchlist to choose your specific enterprise technologies and receive alerts as soon as vulnerabilities are released, complete with pertinent information such as Common Vulnerability Scoring System (CVSS) scores, impacted product lists and references.

7. Get Notified on What’s Important

IBM X-Force Exchange enables notifications beyond just vulnerabilities. For a full menu of alerts on threat intelligence included in Advisories, Collections, Groups and Reports, go to Settings > Notifications. Select and deselect as you see fit to help augment your research workflow and sift through the noise.

8. Prioritize Your Intelligence With a Custom Layout

Want the botnet distribution card front and center? Don’t really care about groups? On the new dashboard, customize your layout with the gear icon. Promote, demote and drop cards as you wish depending on what helps you better research and investigate threats.

9. Help Relevant Collections Rise to the Top

Within each collection, there is a voting feature that allows you to like or dislike a specific collection. Bring awareness to the community with your opinion on the collected threat intelligence, and see the latest and greatest intelligence by going to the Public Collections menu and filtering by date and rating.

10. Validate the Source

XFE has global researchers dedicated to finding, curating and sharing actionable threat intelligence across more than 38 billion web pages, 860,000 IPs and 113,000 vulnerabilities. If you are curious about the source of any given collection, check the version history. IBM X-Force researchers have a blue shield next to their profile image.

Learn More

To explore more ways in which threat intelligence sharing can help your organization fight advanced attacks such as WannaCry, register for the free IBM X-Force Exchange.

 |  |  |  | 
Christian Falco
Product Manager, IBM

More from Threat Intelligence
July 26, 2024

Hive0137 and AI-supplemented malware distribution

12 min read - IBM X-Force tracks dozens of threat actor groups. One group in particular, tracked by X-Force as Hive0137, has been a highly active malware distributor since at least October 2023. Nominated by X-Force as having the “Most Complex Infection Chain” in a campaign in 2023, Hive0137 campaigns deliver DarkGate, NetSupport, T34-Loader and Pikabot malware payloads, some of which are likely used for initial access in ransomware attacks. The crypters used in the infection chains also suggest a close relationship with former…

May 24, 2024

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

May 16, 2024

Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns

16 min read - Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as a Malware-as-a-Service (MaaS). Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails. The latest malware variant also specifically targets over 1500 global banks, enabling attackers to perform banking fraud in over 60 countries…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature