There are certain knowing glances that experienced parents give each other in the face of a public toddler meltdown. The sheer red-faced, quaking, loud explosion of the tantrum reminds us that 2-year-olds are entirely exasperating human beings and terrible roommates.

But there is a new kind of 2-year-old on the scene now that is well-behaved, well-groomed and, frankly, pretty helpful. We had hoped that when IBM X-Force Exchange debuted two years ago, it would become a hub of threat intelligence collaboration, allowing security analysts to streamline investigation workflows, and work together to better protect their networks and organizations.

It Takes a Village

We’ve grown the user base of X-Force Exchange to over 32,000 registered users, and the number of visitors to the site is almost 15 times that. Our registered users includes not only users outside of IBM, but also IBM Security researchers, analysts and practitioners who use the platform daily to help build better protection for IBM Security products, monitor our Managed Security Services (MSS) clients, and help customers as part of the IBM X-Force Incident Response and Intelligence Services (IRIS) engagements.

Registered users are not the only ones taking advantage of the platform features. In 2016, we made our public collections truly public by ceasing to require users to log in to view them. This helped our IBM X-Force research findings and collections, including those created for various malware campaigns such as Shamoon and Andromeda, to be accessible by anyone with the click of a mouse. This openness translates to all our reports as well, with threat intelligence on vulnerabilities, URL and IP reputation, and web application risks assessments available to be publicly searched. That volume has grown to nearly 2 million executed searches since the platform was released.

The X-Force Exchange Is All Grown Up

IBM continues to beef up higher levels of threat intelligence with insights from our X-Force research team. To date, those collections number over 200 and range from deep insights on malware campaigns to massive collections of spam and phishing indicators to help organizations stop incidents before they become serious issues. You can identify a formal X-Force Advisory by the presence of the X-Force shield on the collection card, and an X-Force researcher by the presence of a blue bar next to an avatar.

We’ll continue to provide research that sheds light on the business impact and risk assessment for security teams, and tie it back nicely to a collection on X-Force Exchange for the technical indicators and threat intelligence reports. With these insights, it’s easy to take preemptive actions, such as blocking access to a URL or quarantining a troublesome file.

Giving Back to the Village

The X-Force Exchange team constantly innovates to help improve the jobs of security analysts. The team has added updates from the X-Force Threat Analysis Service, a daily subscription email from our MSS team that includes current indicators on active attacks on our monitored client environments. To see these in X-Force Exchange, go to Public Collections and filter on “xftas”.

We introduced the ability to bring additional threat intelligence feeds into X-Force Exchange in December, and the roster of partners keeps growing. It’s become even easier to pay attention to critical areas with watchlists and quick collections. Collaboration is made even smoother due to the ability to create collections with as many or as few peers as you want using private groups.

To stay up to date on these and other new features added to X-Force Exchange, follow the X-Force Features tag here on Security Intelligence. If you haven’t yet visited X-Force Exchange, try it now! I promise, there are no small toys with sharp corners to step on.

Free Trial: IBM X-Force Exchange

More from Threat Intelligence

Hive0147 serving juicy Picanha with a side of Mekotio

17 min read - IBM X-Force tracks multiple threat actors operating within the flourishing Latin American (LATAM) threat landscape. X-Force has observed Hive0147 to be one of the most active threat groups operating in the region, targeting employee inboxes at scale, with a primary focus on phishing and malware distribution. After a 3-month break, Hive0147 returned in July with even larger campaign volumes, and the debut of a new malicious downloader X-Force named "Picanha,” likely under continued development, deploying the Mekotio banking trojan. Hive0147…

FYSA – Critical RCE Flaw in GNU-Linux Systems

2 min read - Summary The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service. Threat Topography Threat Type: Remote code execution vulnerability in CUPS service Industries Impacted: UNIX-based systems across various industries, including but not limited to, finance, healthcare,…

Hive0137 and AI-supplemented malware distribution

12 min read - IBM X-Force tracks dozens of threat actor groups. One group in particular, tracked by X-Force as Hive0137, has been a highly active malware distributor since at least October 2023. Nominated by X-Force as having the “Most Complex Infection Chain” in a campaign in 2023, Hive0137 campaigns deliver DarkGate, NetSupport, T34-Loader and Pikabot malware payloads, some of which are likely used for initial access in ransomware attacks. The crypters used in the infection chains also suggest a close relationship with former…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today