Taking the fight to the cybercriminals, the Metropolitan Police has enlisted the support of security firm Bromium, arming the FALCON cybercrime unit for the battle ahead.
The Met Police intends to use Bromium's approach to carry out cyber forensics in real time, giving it the ability to trap malware and monitor its activity.
By working with Bromium, the FALCON cybercrime unit aims to rapidly analyse the full spectrum of malware types, including zero-day exploits and nation-state attacks. This streamlined approach is expected to let the FALCON team be sent to the scene of reported attacks, where it can safely contain and process the trapped malware.
Speaking to CBR, Ian Pratt, Bromium Co-Founder and President, said: “There is this huge volume of malware that is out there and quite clearly there are not 3.8 million different criminals, so clearly the same things are showing up in multiple places.
“The challenge is, how do you actually group these things into different campaigns and organisations? That kind of analysis can be really quite tricky, if it is a human doing it they have got to look at the malware and try to come up with indicators that enable you to group these things together into families.”
Mr Pratt refers here to estimates from the Office for National Statistics, which reported 5.4 million computer misuse and fraud offences in 2016, with 3.78 million of these estimated to have been cybercrime.
Pratt said: “We are in the midst of a cyber arms race, and are supporting the Met Police to counter the threat by using real-time forensics capabilities… With Bromium, the Met Police can now put dangerous malware in a safe hold, allow it to run and detonate, without affecting anything or anyone.”
Bromium expects that analysis which could take months using the Met's traditional methods may be reduced to as little as minutes simply by deploying the Bromium software onto devices used by the FALCON unit.
“The primary benefit of what we do is around protection, making it so that you do not have to worry about malware, you can click on anything and it’s not going to affect your machine. The capability we have had for several years now is that when something is open within a VM, a Word document or a web page or what have you, we are actually observing what happens, standing outside looking in,” Pratt said.
Bromium stands out in the crowded cybersecurity market because it uses virtualisation technology to isolate the user from attacks: untrusted content is opened inside a separate virtual machine rather than on the user's operating system. For instance, a user could trigger an attack by following a link to a malicious destination, but remain safely isolated from it.
Mr Pratt further described this process: “This is like a black box flight recorder trace of everything that that VM is doing, and it gives us a big advantage over traditional products because they are trying to defend the operating system while being part of the operating system. The problem they have is most malware is aware of most security products, and within a few milliseconds of malware getting execution on the machine, it is going to have disabled or crippled every security product that it knows about.”
The Government’s Cyber Security Breaches Survey 2017 presented findings that a massive 46 per cent of all UK businesses had identified at least one breach in the past year.
Detective Superintendent Neil Ballard from the Metropolitan Police, said: “The Met is committed to fighting cybercrime and works hard every day to catch and convict cybercriminals and support victims… Speed is an advantage when investigating these kinds of crime. Like biological evidence, cyber evidence degrades over time – websites are taken down and the trail goes cold. Bromium can be used to instantly analyse and gather evidence. The victim can then be immediately advised how to mitigate the threat. Evidence collected can then be used to track down the criminal and secure convictions.”
This article is from the CBROnline archive: some formatting and images may not be present.