And that concern, (John) Prisco (CEO of Triumfant) says, could drive more attackers to drop their APT strategies and turn to AVTs instead. “The AVT is going to be attractive to sophisticated attackers because it’s there, and it’s gone,” he says. AVTs take a bit more effort, Prisco observes, because they only work once, but attackers who are highly concerned about attribution will likely be willing to do the extra work.
Using an AVT is no guarantee against detection, DeMesy says. “Detection of advanced volatile attacks is extremely difficult, even when best practices are followed,” he says. “However, you may be able to detect what the attackers are trying to do. Internal honeypots are an excellent way to entice attackers to reveal their presence. Attackers employing advanced volatile attacks are looking to get in and out of a network quickly, bringing with them as much information as possible, so seemingly vulnerable targets, such as a honeypot, are a prime target.”
via Move Over, APTs — The RAM-Based Advanced Volatile Threat Is Spinning Up Fast – Dark Reading.