If you’ve got an antivirus programme running in the background on your device, you probably feel quite comfortable. It catches the sketchy email attachment or flags a dodgy download here and there – so you almost forget it’s even there. And for your run-of-the-mill malware, that’s how it should work.
But to be the bearer of bad news, there is a different category of threat, one that doesn’t announce itself with a suspicious pop-up or file. It can sit inside of a network for months without causing a single alert, just waiting. Sounds a bit nightmarish, doesn’t it?
These are Advanced Persistent Threats (APTs). The obvious question at this point is, does your antivirus actually stand a chance against them?
What Makes An APT So Different From Other Malware?
APTs are a sustained, targeted operation, often run by a well-funded group or organised cybercriminals. The goal isn’t quick damage, like a virus or phishing attempt. It’s designed to gain long-term access to steal data or spy on communications. Basically, waiting for the right moment to strike.
The Patience Is The Point
For regular malware, the point is to get in quickly and do the damage before being flagged by antivirus software. APT operators do the exact opposite. It can take weeks just to map out a network, learn who talks to whom and which credentials are actually worth stealing.
Everything that they do is slow and deliberate, and they often use tools that already exist on the system instead of dropping in new ones. It makes them that much harder to spot when they aren’t so obvious.
Here’s Why Traditional Malware Often Misses Them Entirely
The majority of traditional antivirus still leans heavily on signature-based detection. It has an existing library of known malware threats that it can compare suspicious files or downloads with, and flag a match if there is one.
Against the millions of generic threats out there, it’s pretty solid. But if you’ve got an attacker writing custom malware so that it so that it doesn’t match anything in the library, that’s where it falls apart.
More from Tech
- Is Defence Tech Becoming Europe’s Most Important Industry?
- Is Agritech Moving Faster Than UK Farmers Can Adapt?
- How Are Digital Threats Changing The Way People Use Everyday Tech?
- What Could Football Technology Look Like By The Next World Cup?
- Top Deep Tech Startups In The Netherlands
- Are We Too Reliant On WhatsApp?
- Travellers Are Starting To See A Drop In Mishandled Luggage – And It’s All Thanks To Tech
- The Supreme Court Just Blocked Geofence Warrants – But What Does It Mean For Your App
APTs Tend To Live Off The Land
One of the tricks in an APT’s playbook is to use tools that are already on your computer. Instead of installing malware that tends to be quite obvious, attackers hijack legitimate programmes to execute their commands or move data around. And since these everyday tools are trusted by your operating system, antivirus has no reason to flag them.
Some Attacks Never Touch Your Hard Drive
Even sneaker is malware that never writes itself to disk at all. It loads directly onto your computer’s memory and then disappears when your system restarts. Traditional antivirus scans files so if there’s no file to scan, there’s nothing to catch.
Now when you combine that with encryption – where the malicious code stays scrambled until the moment it’s needed – and you’ve got yourself an attack that’s practically invisible to an antivirus that relies on familiar patterns.
Does This Mean Antivirus Is Pointless To Have?
Antivirus is still vitally important because it clears out your generic malware and recycled phishing attempts. Without it, you’d likely be swamped with so many common threats that you wouldn’t even have time to think about APTs.
A gap does exist, which is why so many cybersecurity experts talk about APTs in a completely different threat category than opportunistic attacks.
What Does Help When It Comes To APTs?
There isn’t one single answer here and your strategy usually includes different approaches that work together. Certain systems know what to specifically look out for so that if something slips past one, it can get caught by another.
Use Behavioural Detection, Not Fingerprint Matching
This is different to signature-based detection because modern endpoint detection and response (EDR) tools watch behaviour, not just match it to a known list.
Doing it this way catches a lot of what signature-based antivirus misses because it doesn’t focus on what the malware looks like, but what it’s doing. Things like accessing files out of the blue will immediately raise a red flag.
Watching The Whole Network, Not Just The Endpoint
Every APT has to talk to something, whether that’s a command-and-control server or another machine on the network that it’s trying to reach.
Network detection and response tools that monitor traffic for unusual patterns are able to spot parts of an intrusion that don’t show up on one single infected device.
Verify Everything And Assume Nothing
You can’t assume that everything already inside your network is safe. Every device, user and request has to continuously prove itself – this goes a long way in limiting how far an attacker can wander even if they get that initial in.
If this is paired with EDR, it can close the gap considerably if something were to slip through.
