BlackBerry Blog

The Titanic Effect: Refocusing on Prevention

FEATURE / 11.13.17 / Sascha Dubbel

Over the course of the last year, I realized how much enterprises are focused on fixing single cybersecurity problems - instead of preventing them. Today, ransomware is seen as the top challenge and the number of attacks is growing quarter by quarter.


While most companies today are mainly alarmed about crypto trojan infections, there are cyberthreats out there that companies should be even more concerned about, namely data stealers and cyberespionage tools like backdoors and remote access trojans (RATs).

Ransomware is visible: victims are actively prompted to pay the ransom, which is its biggest differentiator compared to other malware types. But most malware is designed to run invisibly, to hide and operate silently without leaving many traces. You can compare ransomware to the visible tip of an iceberg. But what about the invisible threats that lurk under the water surface?

Ransomware today makes up a big chunk of the overall malware landscape, but the truth is that it’s only a fraction of the overall threat landscape we’re up against. There are numerous types of malware that cause harm by stealing personal data or a company’s confidential intellectual property, or by altering or deleting data.

But CISOs and IT security operations teams often focus on the visible ransomware threats and try to close the ransomware gap with dedicated add-on products or modules, in addition to their existing signature-based anti-malware product. They are setting up a framework of dozens of interactive and stand-alone modules.

Let’s compare it to the structure of a huge ship, like the Titanic. Deemed unsinkable due to its compartment separation design, the Titanic was eventually (and tragically) lost due to damage that was not focused on a specific area and that was able to bypass several security compartments at once, invisible, under the water line.

The analogy applies to companies now, as they try to cope with current ransomware waves. Organizations are trying to fill security gaps by adding dedicated anti-ransomware software and modules that are capable of detecting certain encryption behaviors. While they might be able to address that very specific, niche problem, the overall organization is at risk, or sunk, over time by malware that operates under the water surface and is invisible by design.

During a recent POC, a customer said to me, “A while ago, I did some tests with a dozen fresh malware samples, and my antivirus (AV) did quarantine nine out of those. I ran the remaining three samples in a virtual machine (VM) and they did not encrypt the computer or cause visible harm, so I felt pretty protected.”

I analyzed those three malware samples: one was a backdoor, crafted not to execute on a virtual machine; one was a time-fused dropper; and one was a variant of the Dridex banking Trojan.

Malware prevention is possible today. Consider a modern solution that can prevent any type of cyberattack, rather than repairing the damage afterwards. Sink the iceberg, not your company.

About Sascha Dubbel

Senior Security Engineer at Cylance

Sascha Dubbel has been an infosec practitioner for more than 20 years now, helping enterprises and governmental organizations throughout Europe solve their IT security problems. Sascha is currently a Senior Systems Engineer with Cylance, based in Germany. Before that, he spent time with companies like Palo Alto Networks, McAfee/Intel, Secure Computing and Webwasher.

While he is focused on AI-driven security today, Sascha has a strong background in the traditional endpoint and network security sector. He is a certified TeleTrusT security professional and a GIAC certified enterprise defender.