Light Dark
June 12, 2017 By Christian Falco 3 min read
Threat Intelligence
Advanced Threats
Malware

Last month, we celebrated the two-year anniversary of the IBM X-Force Exchange (XFE). During that week, the threat intelligence sharing platform reached a record spike in traffic as users flocked to the site to stay up to date on the recently exposed WannaCry ransomware.

10 Threat Intelligence Sharing Tips to Fight Cybercrime

As the X-Force team populated the WCry2 Ransomware Outbreak collection, it quickly became the highest-rated and most-followed collection in XFE history. With the wind behind our sails, it seems like the perfect time to share some of the platform’s top tips and tricks that even our 35,000 registered users might not know about.

1. Keep Up With Malware Trends and Tactics

Many organizations struggle to keep pace with the various versions of malware out in the wild, let alone the increasingly sophisticated tactics of their operators. It’s crucial to remain vigilant using the existing security systems and awareness programs you have in place to prevent malware from infecting your endpoints and network. This is a never-ending battle that requires you to push your vendors and staff to think differently about access and data protection. It’s also important to constantly assess the cybercrime landscape to stay one step ahead of threat actors’ evolving tactics. As Barkley pointed out in its “2017 Malware Trends Report,” today’s malware commonly infects victims directly via “clickless” methods and by abusing or exploiting legitimate systems.

2. Generate Collections Through Email

With curated threat intelligence, collections help streamline security investigations with information on campaigns, actors, and tactics, techniques and procedures (TTPs), and provide actionable recommendations from the X-Force research community. While you can manually build a collection in the platform, you can save time by using email. To auto-build your collection, navigate to Settings > Inbox, obtain your X-Force email address, and send an email to it.

3. Share Threat Intelligence With Your Social Networks

In light of the WannaCry ransomware attack, which reached thousands of companies across more than 100 countries, sharing threat intelligence outside your enterprise quickly is just as important as collaborating in your own security operations center (SOC). X-Force Exchange allows security teams to share pertinent threat intelligence on Twitter, Facebook and LinkedIn with just a click of the mouse. Look for the icons in all public collections.

4. Seamlessly Set Up the API

The IBM X-Force Exchange API delivers programmatic access to nearly 800 TB of threat intelligence data across IPs, URLs, vulnerabilities, malware and more. With the API, users can access XFE data from collections, obtain up-to-date information on indicators and integrate with other products to perform real-time actions. As a registered user, go to Settings > API Access to generate your API key, and test its functionality within the interactive Swagger API documentation.

5. Get Even More Access to Threat Intelligence

If nearly a petabyte of threat data isn’t enough, X-Force Exchange has enabled integrations with third-party feeds to expand threat intelligence through its Threat Feed Manager. With more curated knowledge, you can make better decisions even faster when it comes to your security investigation. Go to Settings > Integrations to expand your threat intelligence.

6. Build a Customized Watchlist

Keep up with relevant vulnerabilities on selected platforms with our Watchlist feature. Go to Settings > Watchlist to choose your specific enterprise technologies and receive alerts as soon as vulnerabilities are released, complete with pertinent information such as Common Vulnerability Scoring System (CVSS) scores, impacted product lists and references.

7. Get Notified on What’s Important

IBM X-Force Exchange enables notifications beyond just vulnerabilities. For a full menu of alerts on threat intelligence included in Advisories, Collections, Groups and Reports, go to Settings > Notifications. Select and deselect as you see fit to help augment your research workflow and sift through the noise.

8. Prioritize Your Intelligence With a Custom Layout

Want the botnet distribution card front and center? Don’t really care about groups? On the new dashboard, customize your layout with the gear icon. Promote, demote and drop cards as you wish depending on what helps you better research and investigate threats.

9. Help Relevant Collections Rise to the Top

Within each collection, there is a voting feature that allows you to like or dislike a specific collection. Bring awareness to the community with your opinion on the collected threat intelligence, and see the latest and greatest intelligence by going to the Public Collections menu and filtering by date and rating.

10. Validate the Source

XFE has global researchers dedicated to finding, curating and sharing actionable threat intelligence across more than 38 billion web pages, 860,000 IPs and 113,000 vulnerabilities. If you are curious about the source of any given collection, check the version history. IBM X-Force researchers have a blue shield next to their profile image.

Learn More

To explore more ways in which threat intelligence sharing can help your organization fight advanced attacks such as WannaCry, register for the free IBM X-Force Exchange.

 |  |  |  | 
Christian Falco
Product Manager, IBM

More from Threat Intelligence
July 26, 2024

img test

7 min read - test imgWhat is Lorem Ipsum? Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages,…

November 6, 2023

GootBot – Gootloader’s new approach to post-exploitation

8 min read - IBM X-Force discovered a new variant of Gootloader — the "GootBot" implant — which facilitates stealthy lateral movement and makes detection and blocking of Gootloader campaigns more difficult within enterprise environments. X-Force observed these campaigns leveraging SEO poisoning, wagering on unsuspecting victims' search activity, which we analyze further in the blog. The Gootloader group’s introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using off-the-shelf tools for C2…

October 30, 2023

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

12 min read - For the last year and a half, IBM X-Force has actively monitored the evolution of Hive0051’s malware capabilities. This Russian threat actor has accelerated its development efforts to support expanding operations since the onset of the Ukraine conflict. Recent analysis identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware. As of October 2023, IBM X-Force has also observed a significant increase in…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature