To add to the growing list of infosec acronyms, I recently read about the threat posed by advanced volatile threats...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
(AVTs). Can you explain what is meant by the term AVT and how enterprises can prepare for such threats?
Advanced volatile threat (AVT) is one of the newest fad terms used for marketing security tools and helping companies make their products seem new, fresh and ready to stop up-and-coming attacks.
Ask the Expert
Have questions about enterprise threats for expert Nick Lewis? Send them via email today! (All questions are anonymous)
Simply put, AVTs are attacks that are only resident in memory and are not written to disk. Memory-based malware is inherently more difficult to detect than other malware; it cannot be identified solely by monitoring the file system. Fortunately, there are many ways to initially detect something that needs to be examined on a system, which will make memory-based malware detection easier. The Windows Incident Response Blog has articles on how to perform memory forensics and malware analysis that could be used to detect an advanced volatile threat.
Once a suspicious network flow or account activity is discovered, an investigation can be done to identify what caused the suspicious activity. Additionally, monitoring for suspicious network connections can be done without access to the compromised system. An enterprise should prepare for an AVT by closely monitoring its systems using anomaly detection techniques and securing its endpoints.
Memory-based malware attacks date back to 2002 if not earlier, and antimalware tools have been addressing the threat of memory-resident malware ever since. So, while the threat is not necessarily new per se, it is still quite volatile because once a system is rebooted, any malware resident only in memory will disappear and requires reinfection of the system to gain access again. Yet reinfection can be easily accomplished if an infected system on the local network has not yet rebooted.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
Conficker malware was found in a German nuclear power plant computer system. Expert Nick Lewis explains the possible impact of malware infections of ...continue reading
OneSoftPerDay, an adware program can install backdoors on PCs, is able to avoid detection from antimalware tools. Expert Nick Lewis explains how to ...continue reading
The hot-patching feature in Windows servers is vulnerable to attacks from APT groups. Expert Nick Lewis explains what hot patching is and how to ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.