Light Dark
August 16, 2017 By Pamela Cobb 2 min read
Threat Intelligence
X-Force

As both a parent and a bit of a nerd, I have a lot of corny jokes in my arsenal that cover a wide range of topics including animals, food, science fiction and the like. One of my favorite jokes comes from my data science background: “I never metadata I didn’t like.” This joke has it all: wordplay, the spirit of a joke your uncle might tell and even a tangential “Star Trek” tie-in. It also relates to threat intelligence.

The Evolution of Threat Intelligence

When the IBM X-Force Exchange (XFE) launched over two years ago, the platform capabilities solidly supported collaboration and security investigation workflow. Since then, agile development has built up an even more robust set of features to make both collaboration and investigations even easier.

Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence

In the past few months, on-platform notifications have gotten more robust. A user who is not logged in to the X-Force Exchange will be notified of updates to major capabilities in the upper right corner by the bell icon. A logged-in user will see a number of additional notifications available, ranging from feature updates to content and collaboration updates.

In addition to new capabilities, new content notices, such as groups to which you’ve been added or collections that have been shared with you, will be highlighted on the notifications page. The platform also displays recently published data from the IBM X-Force Research team.

Customizing the X-Force Exchange Experience

These public X-Force collections and advisories are incredibly helpful for security analysts because they provide ready-made, validated research and indicators of compromise (IoCs) for active campaigns such as the recent WannaCry and Petya malware outbreaks. Once viewing the collection, you can follow it to get on-platform notifications when new content is added or the notes are updated. You can even subscribe to off-platform notifications by adjusting the user settings on XFE if you’d like to be emailed when followed collections are updated.

By customizing the X-Force Exchange experience, you can ensure that you are receiving the content you need to facilitate investigations and remediation actions. Watch our on-demand webinar on maximizing the impact of threat intelligence to learn more about the platform and its capabilities.

 |  |  |  |  | 
Pamela Cobb
Market Segment Manager, IBM X-Force and Security Intelligence

More from Threat Intelligence
July 26, 2024

Hive0137 and AI-supplemented malware distribution

12 min read - IBM X-Force tracks dozens of threat actor groups. One group in particular, tracked by X-Force as Hive0137, has been a highly active malware distributor since at least October 2023. Nominated by X-Force as having the “Most Complex Infection Chain” in a campaign in 2023, Hive0137 campaigns deliver DarkGate, NetSupport, T34-Loader and Pikabot malware payloads, some of which are likely used for initial access in ransomware attacks. The crypters used in the infection chains also suggest a close relationship with former…

May 24, 2024

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

May 16, 2024

Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns

16 min read - Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as a Malware-as-a-Service (MaaS). Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails. The latest malware variant also specifically targets over 1500 global banks, enabling attackers to perform banking fraud in over 60 countries…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature