Force to cut length of investigations after collaborating with ‘innovative’ cybersecurity company

The Metropolitan Police Service (MPS) has begun a partnership with a leading cybersecurity company to rapidly capture malware, analyse its behaviour, and prevent it from harming businesses in the capital.

Nov 2, 2017

The Metropolitan Police Service (MPS) has begun a partnership with a leading cybersecurity company to rapidly capture malware, analyse its behaviour, and prevent it from harming businesses in the capital. FALCON, the MPS’s cybercrime unit, announced its partnership with Bromium on Thursday (November 2) and will have their software running in its laboratories in the coming weeks. After representatives from Bromium met members of the FALCON team by chance at an event, the two parties soon realised the benefits of using it in policing. The software is currently used by organisations to stop dangerous malware from harming their computer systems, but FALCON has a much more innovative use for the software. Instead of identifying and destroying malware, Bromium contains it inside a micro VN without it causing any harm to the computer. Once the malware is contained, the FALCON team will then be able to safely detonate the malware and immediately analyse how it behaves, which will reveal the kill chain and provide evidence to potentially build a case and pursue prosecutions. Fraser Kyne, EMEA CTO at Bromium, told Police Professional: “The thing that the MPS were most interested in was once you put something in a little box like this, those environments we create are an ideal little honeypot in which you can safely detonate malware and watch what it is doing.” Before Bromium, unpacking and analysing malware could take a number of months, but the software allows this to happen within minutes, saving the MPS a significant amount of time. It also allows victims to quickly find out if any further damage was done to their computer by the cyberattack. Detective Superintendent Neil Ballard highlighted the importance of speed when responding to cybercrime. He said: “The Met is committed to fighting cybercrime and works hard every day to catch and convict cybercriminals and support victims. “Speed is an advantage when investigating these kinds of crime. Like biological evidence, cyber evidence degrades over time – websites are taken down and the trail goes cold. “Bromium can be used to instantly analyse and gather evidence. The victim can then be immediately advised how to mitigate the threat. Evidence collected can then be used to track down the criminal and secure convictions.” There is also a potential to track the source in which the malware came from using command and control servers. When malware detonates and tries to dial back to where it came from, Bromium is able to quickly obtain that information. “FALCON know they have a window of opportunity and what they are very keen to do is capture as quickly as possible where the malware is going and if they can follow that trail before it goes cold,” Mr Kyne said. Following several months working with the “impressive” FALCON team, the company has confirmed it is open to working with other police forces. “Absolutely we would welcome the chance to work with other entities and in fact we’re engaged with other organisations at the moment,” Mr Kyne added. “But this is the first of this innovative use cases where it’s very much a partnership where we have technology and we have tools, they have capabilities, skills and the need for those tools and we’ve really just put the two things together. “The industry has to work with policing, we have a role here to play, there are people, there are processes and there are technologies, and we have to do all of those things.” Ian Pratt, president of Bromium, added: “We are in the midst of a cyber arms race, and are supporting the Met Police to counter the threat by using real-time forensics capabilities. “With Bromium, the Met Police can now put dangerous malware in a safe hold, allow it to run and detonate, without affecting anything or anyone. “The Cybercrime Unit can analyse the malware in real-time, and gather valuable intelligence to see trends and flows that will help to track cybercriminals faster, and speed-up arrests and convictions.”

Related News

Copyright © 2021 Police Professional