Last month, we celebrated the two-year anniversary of the IBM X-Force Exchange (XFE). During that week, the threat intelligence sharing platform reached a record spike in traffic as users flocked to the site to stay up to date on the recently exposed WannaCry ransomware.

10 Threat Intelligence Sharing Tips to Fight Cybercrime

As the X-Force team populated the WCry2 Ransomware Outbreak collection, it quickly became the highest-rated and most-followed collection in XFE history. With the wind behind our sails, it seems like the perfect time to share some of the platform’s top tips and tricks that even our 35,000 registered users might not know about.

1. Keep Up With Malware Trends and Tactics

Many organizations struggle to keep pace with the various versions of malware out in the wild, let alone the increasingly sophisticated tactics of their operators. It’s crucial to remain vigilant using the existing security systems and awareness programs you have in place to prevent malware from infecting your endpoints and network. This is a never-ending battle that requires you to push your vendors and staff to think differently about access and data protection. It’s also important to constantly assess the cybercrime landscape to stay one step ahead of threat actors’ evolving tactics. As Barkley pointed out in its “2017 Malware Trends Report,” today’s malware commonly infects victims directly via “clickless” methods and by abusing or exploiting legitimate systems.

2. Generate Collections Through Email

With curated threat intelligence, collections help streamline security investigations with information on campaigns, actors, and tactics, techniques and procedures (TTPs), and provide actionable recommendations from the X-Force research community. While you can manually build a collection in the platform, you can save time by using email. To auto-build your collection, navigate to Settings > Inbox, obtain your X-Force email address, and send an email to it.

3. Share Threat Intelligence With Your Social Networks

In light of the WannaCry ransomware attack, which reached thousands of companies across more than 100 countries, sharing threat intelligence outside your enterprise quickly is just as important as collaborating in your own security operations center (SOC). X-Force Exchange allows security teams to share pertinent threat intelligence on Twitter, Facebook and LinkedIn with just a click of the mouse. Look for the icons in all public collections.

4. Seamlessly Set Up the API

The IBM X-Force Exchange API delivers programmatic access to nearly 800 TB of threat intelligence data across IPs, URLs, vulnerabilities, malware and more. With the API, users can access XFE data from collections, obtain up-to-date information on indicators and integrate with other products to perform real-time actions. As a registered user, go to Settings > API Access to generate your API key, and test its functionality within the interactive Swagger API documentation.

5. Get Even More Access to Threat Intelligence

If nearly a petabyte of threat data isn’t enough, X-Force Exchange has enabled integrations with third-party feeds to expand threat intelligence through its Threat Feed Manager. With more curated knowledge, you can make better decisions even faster when it comes to your security investigation. Go to Settings > Integrations to expand your threat intelligence.

6. Build a Customized Watchlist

Keep up with relevant vulnerabilities on selected platforms with our Watchlist feature. Go to Settings > Watchlist to choose your specific enterprise technologies and receive alerts as soon as vulnerabilities are released, complete with pertinent information such as Common Vulnerability Scoring System (CVSS) scores, impacted product lists and references.

7. Get Notified on What’s Important

IBM X-Force Exchange enables notifications beyond just vulnerabilities. For a full menu of alerts on threat intelligence included in Advisories, Collections, Groups and Reports, go to Settings > Notifications. Select and deselect as you see fit to help augment your research workflow and sift through the noise.

8. Prioritize Your Intelligence With a Custom Layout

Want the botnet distribution card front and center? Don’t really care about groups? On the new dashboard, customize your layout with the gear icon. Promote, demote and drop cards as you wish depending on what helps you better research and investigate threats.

9. Help Relevant Collections Rise to the Top

Within each collection, there is a voting feature that allows you to like or dislike a specific collection. Bring awareness to the community with your opinion on the collected threat intelligence, and see the latest and greatest intelligence by going to the Public Collections menu and filtering by date and rating.

10. Validate the Source

XFE has global researchers dedicated to finding, curating and sharing actionable threat intelligence across more than 38 billion web pages, 860,000 IPs and 113,000 vulnerabilities. If you are curious about the source of any given collection, check the version history. IBM X-Force researchers have a blue shield next to their profile image.

Learn More

To explore more ways in which threat intelligence sharing can help your organization fight advanced attacks such as WannaCry, register for the free IBM X-Force Exchange.

More from Threat Intelligence

Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns

13 min read - As of March 2024, X-Force is tracking multiple ongoing ITG05 phishing campaigns featuring lure documents crafted to imitate authentic documents of government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated documents associated with finance, critical infrastructure, executive engagements, cyber security, maritime security, healthcare, business, and defense industrial production. Beginning in November 2023, X-Force observed ITG05…

CVE-2023-20078 technical analysis: Identifying and triggering a command injection vulnerability in Cisco IP phones

7 min read - CVE-2023-20078 catalogs an unauthenticated command injection vulnerability in the web-based management interface of Cisco 6800, 7800, and 8800 Series IP Phones with Multiplatform Firmware installed; however, limited technical analysis is publicly available. This article presents my findings while researching this vulnerability. In the end, the reader should be equipped with the information necessary to understand and trigger this vulnerability.Vulnerability detailsThe following Cisco Security Advisory (Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities - Cisco) details CVE-2023-20078 and…

X-Force data reveals top spam trends, campaigns and senior superlatives in 2023

10 min read - The 2024 IBM X-Force Threat Intelligence Index revealed attackers continued to pivot to evade detection to deliver their malware in 2023. The good news? Security improvements, such as Microsoft blocking macro execution by default starting in 2022 and OneNote embedded files with potentially dangerous extensions by mid-2023, have changed the threat landscape for the better. Improved endpoint detection also likely forced attackers to shift away from other techniques prominent in 2022, such as using disk image files (e.g. ISO) and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today