The Met Police’s cyber crime unit has deployed Bromium’s real-time analysis tool to assist with the investigation of attacks on businesses and individuals in London.
Investigators are using Bromium’s detonation chambers, dubbed Micro VMs (virtual machines), to contain and analyse malware while attacks are unfolding in the real world.
Watching the malware execute in a safe environment is expected to provide insights that could lead to police prosecutions.
“Speed is an advantage when investigating these kinds of crime,” said detective superintendent Neil Ballard of the Met. “Like biological evidence, cyber evidence degrades over time – websites are taken down and the trail goes cold.”
Met officers also want to use the technology to advise victims on how to stop malware from spreading through their network.
“Bromium can be used to instantly analyse and gather evidence,” Ballard added. “The victim can then be immediately advised how to mitigate the threat.”
Bromium’s EMEA CTO Fraser Kyne told NS Tech the technology can contain a range of different types of malware, including polymorphic variants, ransomware, targeted nation-state attacks and zero-day exploits.
“We can see the malware communicating with the server,” said Kyne. “The entire execution path is visible to us and we can report on what it is doing.”