X-force Intelligence Report


Osman Briseno

Aug 4, 2024, 12:29:25 PM
to hildetecpo
X-Force Threat Intelligence is a cloud-based threat intelligence solution analyzing over one billion data points. Identify, investigate, and remediate global threats powered by a dynamic blend of human and machine intelligence, harnessing the expansive scale of IBM X-Force.
Quickly research and action threats using X-Force Threat Intelligence, from a rich base of early warning data, strategic and tactical intelligence, augmented with deep vulnerability insights from threat intelligence services research.
Block against malware, phishing, and botnets with curated insights from IBM X-Force. Enrich threat context using feeds and indicators. Access data programmatically via STIX, TAXII, or RESTful API for efficient, automated responses, strengthening your defense against evolving threats.
Collaborate with more than 100k defenders in this threat research community portal. Exchange delivers dependable, actionable, and timely intelligence drawn from a vast repository of 900+ terabytes of threat data.
Leverage APIs for foundational threat intelligence, early warning insights and automated actions. Elevate threat detection, investigation, blocking and enrichment capabilities with integrations across tools like SIEM, IPS, and IDS.
Fortify and enhance security operations with automated, real-time threat detection and blocking. Integrate highly curated X-Force Threat Intelligence with existing security tools, like firewalls, IDS, and SIEM to improve effectiveness and efficiency.
Enhance proactive threat management with detailed insights into threat groups, campaigns, and malware. Operationalize real-time threat intelligence with strategic and tactical reports, industry insights, and urgent notifications of emerging threats.
X-Force is a threat-centric team of hackers, responders, researchers and analysts with decades of experience. Our portfolio includes offensive and defensive products and services, fueled by a 360-degree view of threats. With a deep understanding of how threat actors think, strategize and strike, our team knows how to prevent, detect, respond to, and recover from incidents so that you can focus on business priorities.
Threat intelligence is a compilation of threat information that is gathered across external sources and used to prevent and mitigate cyberattacks. Threat data is organized, refined and augmented to make it actionable and to allow your cybersecurity team to understand threats and the actors behind them.
The X-Force Threat Intelligence team delivers global threat intel applied to your security operations with detection and response content. We help streamline workflow, orchestration and applications that drive enrichment, collaboration, visualization and advanced analytics, providing:
Threat intelligence empowers cybersecurity teams to proactively defend against and rapidly respond to threats attacking their organization by helping them identify and understand their adversary, create a response plan and allocate resources strategically. Cybersecurity teams can use threat intelligence to block attacks in real time and mitigate the risk of attackers affecting their brand and reputation.
Threat intelligence is valuable to different members across the security operations center (SOC), from real-time blocking for tier 1 analysts, aiding investigation and threat hunting for more experienced analysts, to helping SOC leaders make strategic decisions.
Quad9, a partnership between IBM, Packet Clearing House and Global Cyber Alliance, is a recursive DNS platform that blocks against malicious domains to prevent your computers and IoT devices from connecting to malware or phishing sites.
X-Force Threat Intelligence is a cloud-based threat intelligence solution analyzing over one billion data points. It allows you to identify, investigate, and remediate global threats powered by a dynamic blend of human and machine intelligence, harnessing the expansive scale of IBM X-Force.
IBM X-Force Exchange is a cloud-based threat intelligence platform that allows you to consume, share and act on threat intelligence. It enables you to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts and collaborate with peers.
The X-Force Exchange provides a combination of observable indicators including vulnerabilities, malware, malware families, IP reputation, URL reputation, web applications, pDNS, WHOIS information, malicious domains, and higher-order intelligence such as actors, campaigns, incidents and TTPs. X-Force Threat Intelligence provides curated analysis of threats, groups, malware and industries.
Based on insights and observations from over 150 billion security events tracked daily across IBM, Red Hat and Intezer, the report found that cybercriminals are finding more opportunities to log in versus hacking into corporate networks through valid accounts. Logically, being able to access an account without needing to hack it is a lot easier than hacking it, as the report noted that obtaining credentials is the preferred choice of threat actors.
How much threat actors want login credentials was represented in the finding from IBM that there was a 266% uptick in infostealing malware in 2023. Infostealing malware, as the name suggests, is designed to steal personally identifiable information such as emails, social media and messaging app credentials, banking details and crypto wallet data.
Malicious actors and threat groups were also found to be fond of targeting critical infrastructure organizations, with 70% of attacks that X-Force responded to last year being against high-value infrastructure targets. Nearly 85% of attacks that X-Force responded to in the sector were caused by exploiting public-facing applications, phishing emails and the use of valid accounts.
Artificial intelligence was the talk of the tech world in 2023 and so too was it for cybercriminals, with the report explaining that cybercriminals are now exploiting AI to improve their returns on investment.
Other findings in the report were that adversaries like Europe, with nearly one in three attacks last year targeting European nations. Surprisingly, X-Force found that the number of phishing attacks decreased by 44% last year from 2022, but that could change given that AI can now speed up attacks.
Today, the National Artificial Intelligence Research Resource (NAIRR) Task Force released its final report, a roadmap for standing up a national research infrastructure that would broaden access to the resources essential to artificial intelligence (AI) research and development.
Established by the National AI Initiative Act of 2020, the NAIRR Task Force is a federal advisory committee. Co-chaired by the White House Office of Science and Technology Policy (OSTP) and the National Science Foundation (NSF), the Task Force has equal representation from government, academia, and private organizations. Following its launch in June 2021, the Task Force embarked on a rigorous, open process that culminated in this final report. This process included 11 public meetings and two formal requests for information to gather public input.
We'll be in touch with the latest information on how President Biden and his administration are working for the American people, as well as ways you can get involved and help our country build back better.
The intelligence report (IR) is used to submit and evaluate information, and to manage dissemination of intelligence. It protects the source and contributes to an audit trail of the intelligence. Standardisation of reporting provides a shared confidence between law enforcement communities and partner agencies.
The IR evaluation reference material provides guidance on the 3x5x2 process and on how to apply it to intelligence that is graded under this system. This reference material will support forces where intelligence/products make reference to historic intelligence graded under the 5x5x5 system.
In order to avoid any chance of compromise, the details of the person providing the information should not be placed in the main body of the IR. The final, sanitised version of an IR to be seen by operational officers and staff (for example, those expected to act upon intelligence) should not detail the true identity of any source, either within a source field or the main body of the text; this includes law enforcement officers and staff as information sources. Organisations must have measures in place to ensure that the correct identity of the source is not revealed.
A unique reference number (URN) is added to the submitted report either electronically or by the receiving intelligence unit in order to provide an audit trail of received information. The intelligence unit will create a second sanitised version of the report if editing or sanitisation is required. They should ensure the removal of the source details and allocate a further URN to this report, and cross-reference it to the original. Local policy determines who specifically has access to unsanitised reports. The original report must be retained and stored securely to ensure that source information is not revealed.
Items of information from the same source but concerning totally different matters should be recorded on separate IRs. If a single source of information provides several items of intelligence relevant to the same issue that could potentially compromise the source, separate IRs can be considered. This is to avoid a single source being identified who may be the only one to know the sum total of the information submitted.
The source evaluation is made by the person submitting the information to describe the reliability of the source. This enables the credibility of the information to be established and informs the proportionality of tactical options.
Information should be for a policing purpose. It should be clear, concise and without abbreviations. The information must be of value and understood without the need to refer to other information sources.
Where possible, the information should be corroborated and its provenance established. This could be done through interrogation of information already held in other business areas, for example, PNC. Where that research has been done this should be recorded and contained within the initial IR and clearly labelled. It should indicate the databases that have been researched.