The Metropolitan Police Cybercrime Unit FALCON has deployed a cyber forensics product to investigate and mitigate cybercrime against businesses and the public in London.
Using Bromium, the unit can now contain dangerous malware and allow it to run. They can analyse how all forms of malware behave, including polymorphic variants, ransomware, targeted nation-state attacks and zero-day exploits. Similar to a physical bomb disposal unit, if police departments or civilians report malware infections, the FALCON staff can respond, extract the malware and contain it in a safe, isolated environment for further investigation. Then the unit can analyse the malware to see how it behaves, and receive the full kill-chain analysis in real time as the malware runs, without a patient zero.
The IT security product company says this new approach is far faster than anything the FALCON team has been able to do before and lets them move more quickly to identify and arrest cybercriminals. The unit will be able to use Bromium for kill chain analysis that provides the evidence for building a case and pursuing prosecutions.
Before Bromium, unpacking and analysing malware could take months in a laboratory. With Bromium running on FALCON laptops, forensic analysis takes minutes, the software firm says. As a result, victims can find out if further damage was done by the cyberattack, while at the same time it helps the police ensure the trail doesn’t go cold.
Detective Superintendent Neil Ballard from the Metropolitan Police says: “The Met is committed to fighting cybercrime and works hard every day to catch and convict cybercriminals and support victims. Speed is an advantage when investigating these kinds of crime. Like biological evidence, cyber evidence degrades over time – websites are taken down and the trail goes cold. Bromium can be used to instantly analyse and gather evidence. The victim can then be immediately advised how to mitigate the threat. Evidence collected can then be used to track down the criminal and secure convictions.”
The unit will share their intelligence with other authorities like the European Union’s policing agency Europol and the UK’s NCSC.
Bromium Co-Founder and President Ian Pratt said: “We are in the midst of a cyber arms race, and are supporting the Met Police to counter the threat by using real-time forensics capabilities. With Bromium, the Met Police can now put dangerous malware in a safe hold, allow it to run and detonate, without affecting anything or anyone. The Cybercrime Unit can analyse the malware in real-time, and gather valuable intelligence to see trends and flows that will help to track cybercriminals faster, and speed-up arrests and convictions.”