The Metropolitan Police Cybercrime Unit (FALCON) has deployed Bromium to rapidly investigate and mitigate cybercrime impacting businesses and the public in London.
Using Bromium for real-time cyber forensics, the Met Police Cybercrime Unit can now contain dangerous malware and allow it to run. They can immediately analyse how all forms of malware behaves, including polymorphic variants, ransomware, targeted nation-state attacks and zero-day exploits. Similar to a bomb disposal unit, if police departments or civilians report malware infections, the FALCON team can respond, extract the malware and contain it in a safe, isolated environment for further investigation. Then the Cybercrime Unit can analyse malware immediately to see how it behaves, and receive the full kill-chain analysis in real-time as the malware runs without a patient zero.
This new approach is far faster than anything the FALCON team has been able to do before and lets them move more quickly to identify and arrest cybercriminals. In addition, the unit will be able to use Bromium for kill chain analysis that provides the evidence for building a case and pursuing prosecutions.
Before Bromium, unpacking and analysing malware could take months in a laboratory. With Bromium running on FALCON laptops, forensic analysis takes only a matter of minutes. As a result, victims can quickly find out if further damage was done by the cyberattack, while at the same time it helps the police ensure the trail doesn’t go cold.
“The Met is committed to fighting cybercrime and works hard every day to catch and convict cybercriminals and support victims,” comments Detective Superintendent Neil Ballard from the Metropolitan Police. “Speed is an advantage when investigating these kinds of crime. Like biological evidence, cyber evidence degrades over time – websites are taken down and the trail goes cold. Bromium can be used to instantly analyse and gather evidence. The victim can then be immediately advised how to mitigate the threat. Evidence collected can then be used to track down the criminal and secure convictions.”
The Office for National Statistics estimated that in 2016 there were 5.4 million fraud and computer misuse offences, of which 3.78 million were instances of cybercrime in the UK. In addition, the latest Cyber Security Breaches Survey reveals that almost half (46%) of all UK businesses identified at least one cybersecurity breach or attack in the last 12 months.
The Met Police Cybercrime Unit will share their intelligence with other leading authorities like Europol and NCSC and where appropriate use as evidence to take action against cybercriminals.
“We are in the midst of a cyber arms race, and are supporting the Met Police to counter the threat by using real-time forensics capabilities,” said Bromium Co-Founder and President Ian Pratt. “With Bromium, the Met Police can now put dangerous malware in a safe hold, allow it to run and detonate, without affecting anything or anyone. The Cybercrime Unit can analyse the malware in real-time, and gather valuable intelligence to see trends and flows that will help to track cybercriminals faster, and speed-up arrests and convictions.”