To add to the growing list of infosec acronyms, I recently read about the threat posed by advanced volatile threats (AVTs). Can you explain what is meant by the term AVT and how enterprises can prepare for such threats?
Advanced volatile threat (AVT) is one of the newest fad terms used for marketing security tools and helping companies make their products seem new, fresh and ready to stop up-and-coming attacks.
Ask the Expert
Have questions about enterprise threats for expert Nick Lewis? Send them via email today! (All questions are anonymous)
Simply put, AVTs are attacks that are only resident in memory and are not written to disk. Memory-based malware is inherently more difficult to detect than other malware; it cannot be identified solely by monitoring the file system. Fortunately, there are many ways to initially detect something that needs to be examined on a system, which will make memory-based malware detection easier. The Windows Incident Response Blog has articles on how to perform memory forensics and malware analysis that could be used to detect an advanced volatile threat.
Once a suspicious network flow or account activity is discovered, an investigation can be done to identify what caused the suspicious activity. Additionally, monitoring for suspicious network connections can be done without access to the compromised system. An enterprise should prepare for an AVT by closely monitoring its systems using anomaly detection techniques and securing its endpoints.
Memory-based malware attacks date back to 2002 if not earlier, and antimalware tools have been addressing the threat of memory-resident malware ever since. So, while the threat is not necessarily new per se, it is still quite volatile because once a system is rebooted, any malware resident only in memory will disappear and requires reinfection of the system to gain access again. Yet reinfection can be easily accomplished if an infected system on the local network has not yet rebooted.
Dig deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis, Enterprise Threats
A new variant of Java-based malware can execute regardless of the operating system used. Nick Lewis explains how to limit the threat.continue reading
A variant of malware on Android devices removes and reinstalls itself when a device powers on or off. Learn how to completely eradicate the threat.continue reading
Expert Nick Lewis explains how to avoid a detrimental VPN bypass flaw that allows malicious apps to infiltrate Android devices.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.