To add to the growing list of infosec acronyms, I recently read about the threat posed by advanced volatile threats...
(AVTs). Can you explain what is meant by the term AVT and how enterprises can prepare for such threats?
Advanced volatile threat (AVT) is one of the newest fad terms used for marketing security tools and helping companies make their products seem new, fresh and ready to stop up-and-coming attacks.
Ask the Expert
Have questions about enterprise threats for expert Nick Lewis? Send them via email today! (All questions are anonymous)
Simply put, AVTs are attacks that are only resident in memory and are not written to disk. Memory-based malware is inherently more difficult to detect than other malware; it cannot be identified solely by monitoring the file system. Fortunately, there are many ways to initially detect something that needs to be examined on a system, which will make memory-based malware detection easier. The Windows Incident Response Blog has articles on how to perform memory forensics and malware analysis that could be used to detect an advanced volatile threat.
Once a suspicious network flow or account activity is discovered, an investigation can be done to identify what caused the suspicious activity. Additionally, monitoring for suspicious network connections can be done without access to the compromised system. An enterprise should prepare for an AVT by closely monitoring its systems using anomaly detection techniques and securing its endpoints.
Memory-based malware attacks date back to 2002 if not earlier, and antimalware tools have been addressing the threat of memory-resident malware ever since. So, while the threat is not necessarily new per se, it is still quite volatile because once a system is rebooted, any malware resident only in memory will disappear and requires reinfection of the system to gain access again. Yet reinfection can be easily accomplished if an infected system on the local network has not yet rebooted.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Researchers developed aIR-Jumper, an exploit that leverages lights within security cameras to extract data. Learn how this attack works and how to ... Continue Reading
The com.google.provision virus reportedly targets Android users, but little is known about it. Nick Lewis discusses the mystery threat and how Common... Continue Reading
A bug in Microsoft's Internet Explorer update exposes information that users enter into the browser's address bar. Learn more about the bug and URL ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.