There are certain knowing glances that experienced parents give each other in the face of a public toddler meltdown. The sheer red-faced, quaking, loud explosion of the tantrum reminds us that 2-year-olds are entirely exasperating human beings and terrible roommates.

But there is a new kind of 2-year-old on the scene now that is well-behaved, well-groomed and, frankly, pretty helpful. We had hoped that when IBM X-Force Exchange debuted two years ago, it would become a hub of threat intelligence collaboration, allowing security analysts to streamline investigation workflows, and work together to better protect their networks and organizations.

It Takes a Village

We’ve grown the user base of X-Force Exchange to over 32,000 registered users, and the number of visitors to the site is almost 15 times that. Our registered users includes not only users outside of IBM, but also IBM Security researchers, analysts and practitioners who use the platform daily to help build better protection for IBM Security products, monitor our Managed Security Services (MSS) clients, and help customers as part of the IBM X-Force Incident Response and Intelligence Services (IRIS) engagements.

Registered users are not the only ones taking advantage of the platform features. In 2016, we made our public collections truly public by ceasing to require users to log in to view them. This helped our IBM X-Force research findings and collections, including those created for various malware campaigns such as Shamoon and Andromeda, to be accessible by anyone with the click of a mouse. This openness translates to all our reports as well, with threat intelligence on vulnerabilities, URL and IP reputation, and web application risks assessments available to be publicly searched. That volume has grown to nearly 2 million executed searches since the platform was released.

The X-Force Exchange Is All Grown Up

IBM continues to beef up higher levels of threat intelligence with insights from our X-Force research team. To date, those collections number over 200 and range from deep insights on malware campaigns to massive collections of spam and phishing indicators to help organizations stop incidents before they become serious issues. You can identify a formal X-Force Advisory by the presence of the X-Force shield on the collection card, and an X-Force researcher by the presence of a blue bar next to an avatar.

We’ll continue to provide research that sheds light on the business impact and risk assessment for security teams, and tie it back nicely to a collection on X-Force Exchange for the technical indicators and threat intelligence reports. With these insights, it’s easy to take preemptive actions, such as blocking access to a URL or quarantining a troublesome file.

Giving Back to the Village

The X-Force Exchange team constantly innovates to help improve the jobs of security analysts. The team has added updates from the X-Force Threat Analysis Service, a daily subscription email from our MSS team that includes current indicators on active attacks on our monitored client environments. To see these in X-Force Exchange, go to Public Collections and filter on “xftas”.

We introduced the ability to bring additional threat intelligence feeds into X-Force Exchange in December, and the roster of partners keeps growing. It’s become even easier to pay attention to critical areas with watchlists and quick collections. Collaboration is made even smoother due to the ability to create collections with as many or as few peers as you want using private groups.

To stay up to date on these and other new features added to X-Force Exchange, follow the X-Force Features tag here on Security Intelligence. If you haven’t yet visited X-Force Exchange, try it now! I promise, there are no small toys with sharp corners to step on.

Free Trial: IBM X-Force Exchange

More from Threat Intelligence

“Authorized” to break in: Adversaries use valid credentials to compromise cloud environments

4 min read - Overprivileged plaintext credentials left on display in 33% of X-Force adversary simulations Adversaries are constantly seeking to improve their productivity margins, but new data from IBM X-Force suggests they aren’t exclusively leaning on sophistication to do so. Simple yet reliable tactics that offer ease of use and often direct access to privileged environments are still heavily relied upon. Today X-Force released the 2023 Cloud Threat Landscape Report, detailing common trends and top threats observed against cloud environments over the past…

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub

3 min read - Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek to evade detection innovations. But we also know that tried and true tactics — from phishing and exploiting known vulnerabilities to using compromised credentials and…