Modern technology has opened up countless doors for organizations. New levels of efficiency, new techniques, and new services have all become available. But underpinning all this is a complex web of digital architecture. Every application, system, and network runs on meticulously written code. Unfortunately, this makes them susceptible to malicious attacks if proper care is not taken by IT security software and teams.

In fact, insider threats come in many shapes and forms. Disgruntled employees or even spies can gain access to the internal workings of an organization to wreak havoc. A logic bomb is one way they may choose to do this. This article will offer insight into logic bombs. It will answer foundational questions like what a logic bomb is and how it works, before offering advice on protection.

What is a logic bomb in cyber security?

A logic bomb is a piece of code inserted into an application, network, or system. It is very often used as a form of malicious attack against an organization, and it significantly harms the victim organization. Anything from corrupting to encrypting and even completely deleting files or data can be coded. These pieces of code stay dormant until the specific coded condition is met. Because of this, they are not always spotted before being triggered.

Their triggering condition can be anything from an employee being terminated from an organization to a specific time or another trigger event.

Difference between Logic bombs vs. malware

One might initially think a logic bomb is a type of malware. While both are forms of malicious cyber attack, they are separate entities. Malware is a term used to describe malicious software. Computer viruses, worms, spyware, trojans and more are some examples of malware. One characteristic many types of malware have is the ability to spread, duplicate and infect other computers themselves.

A logic bomb, on the other hand, is simply a piece of embedded code. By itself, it cannot duplicate or infect other systems. Instead, it requires an inside agent to deliberately place the code there. Furthermore, these pieces of code are not inherently malicious. The code itself is harmless until the condition has been met.

However, some logic bombs contain payloads that include viruses or worms. In this case, malware is deployed under a specific condition using a logic bomb. Similarly, some logic bombs can be set up by malware running on an infected device.

How do logic bombs work?

Logic bombs begin with the code being inserted. This has to be done by someone or something with access to internal applications, systems, or networks. This individual is often known as an insider. Specific applications or systems that the code may be inserted into are payroll software, applications that handle sensitive business data, and so on.

Importantly, the code contains a trigger condition. These can be classified as either positive or negative triggers. Positive triggers are those that occur when a specific event happens. Think of an employee getting terminated, or an application being opened. Negative trigger conditions are the inverse of this: they occur when an event does not happen. For example, if an employee is not paid a high enough pay rise by a certain timeframe.

Both positive and negative triggers act the same once the conditions have been met. The consequences of logic bombs can vary significantly, as it simply depends on what was coded. Some may enact relatively small disruptions to the business, while others can be completely catastrophic. If a business is not prepared with policies such as incident response, disaster recovery, and more, the downtime can be severe.

Difference between Logic bombs vs. time bombs

In short, time bombs are a type of logic bomb. The key difference is that the trigger condition of a time bomb is a specific time.

Who might create a logic bomb?

Logic bombs are normally set in place by unhappy employees. Typically, this includes those that fear their contract may be terminated or are unhappy with the company. In some other cases, logic bombs have been reported to be set up by spies or insider agents. However, all perpetrators require access to an organization's key applications, networks, and systems.

What are the motivations behind logic bombs?

The motivations behind logic bombs share similarities with many other cybersecurity attacks. For example, they may be put in place as a form of protest, revenge, or pure maliciousness. Generally, they are not used for personal gain as the code is designed to be invisible until triggered.

Are logic bombs always malicious?

The term “logic bomb” or “time bomb” does imply malicious intent and can be considered a form of cyber attack. However, this does not completely exclude any non-malicious use for code that triggers an event based on a condition.

Examples of logic bombs

  • The 1982 ‘bombing’ of the Trans-Siberian Pipeline. Allegedly, a KGB operative was sent to steal classified information from a Canadian company. When the CIA discovered this, they deployed a logic bomb into the data and allowed it to be stolen. As this information was used, the logic bomb was triggered. The result was flawed plans for the pipeline that later resulted in a catastrophic incident.
  • In June 2006, Roger Duronio, a system administrator at UBS, was accused of using a logic bomb to cause damage to the company’s computer network. He was also charged with securities fraud for his unsuccessful attempt to manipulate the company’s stock by activating the logic bomb. Duronio was subsequently found guilty and sentenced to 8 years and 1 month in prison. Additionally, he was ordered to pay $3.1 million in restitution to UBS.
  • On March 20, 2013, a logic bomb was deployed in an attack against South Korea, resulting in the simultaneous wiping of hard drives and master boot records of at least three banks and two media companies. Symantec reported that the malware responsible for the attack also had the capability to wipe Linux machines.
  • On July 19, 2019, David Tinley, a former contractor of Siemens Corporation, admitted to planting logic bombs in spreadsheets that he had created for the company. The software was intentionally designed to malfunction after a specific period of time, forcing the company to hire Tinley to fix it for a fee. The logic bombs remained undetected for two years until they were discovered. He has been sentenced to 6 months in prison, followed by two years of supervised release.

How do you prevent falling victim to logic bombs?

These are not the most common type of cyber security attack. However, the threat they pose is enough to warrant defensive measures. Here are some ways to prevent a logic bomb from delivering its payload:

  • Invest in endpoint security software like Sangfor’s Endpoint Secure. This is a scalable solution that actively works towards keeping your devices safe as they use systems and applications.
  • Train your staff with cyber security best practices. Everything from how to identify a phishing attack to spotting suspicious download sources and a clean desk policy can help.
  • Maintain secure coding practices. This can prevent a single inside agent from being able to edit code themselves. By extension, use an access control policy.
  • Never run code without thoroughly testing it.
  • Employ a solid network of cyber security solutions that keeps your organization safe from malware. Some logic bombs are set in place through malware.
  • Keep all operating systems and applications updated to prevent known vulnerabilities.

Keep your business safe from cyber incidents with Sangfor

Want to learn more about logic bombs, or simply have a question to ask our team? Get in touch with us here. You can also browse our range of cyber security solutions for more specific information.
