There’re multiple types of advanced cyber threats, capable of bypassing other endpoint protection layers like existing antivirus software, some of the most common ones include:
Zero-day malware and ransomware – Malware and/or ransomware that infiltrates the system through a zero-day vulnerability (a vulnerability that is exploitable, but the software vendor has not released a patch for it yet – the vulnerability can be known or unknown). Can bypass some behavior-based detections.
Advanced persistent threats (APTs) - Attacks that use continuous, sophisticated and highly evasive hacking techniques to gain unauthorized access to system and stay undetected for a prolonged period of time, with potentially destructive consequences. They usually consist of a few phases, including system infiltration, escalation and lateral movement within the system, and exfiltration of sensitive data. Advanced persistent threats commonly depend on “living off the land” techniques that refer to attacker-behavior that uses tools that already exist in the targeted environment – making it harder to detect, on considerably cheaper to carry out.
Fileless attacks - Fileless malware is a type of malicious software that uses legitimate programs to infect a computer. It does not rely on files and leaves no footprint, making it challenging to detect attacks and remediate them.
Hacking - Hacking is the act of identifying and then exploiting vulnerabilities in a computer system or network, usually to gain unauthorized access to personal or organizational data. Depending on the used techniques, hacking can be hard to detect, as it might leverage stolen credentials or other techniques that make it look like a perfectly normal process until exfiltration happens and it’s already too late to respond.
Detecting and responding to these and other advanced threats requires more advanced security controls like EDR.