Find Out What a Logic Bomb Is. Definition, Characteristics, and Protection Measures
Today we are talking about one of the sneakiest cybersecurity threats out there: the logic bomb. The name might sound harmless, but this type of cyberattack can be hard to detect, can do all sorts of damage, and can even hit you from inside your own organization.
Let’s define the logic bomb, see how this attack works, and what you can do to stay protected.
What Is a Logic Bomb?
A logic bomb is a piece of malicious code deliberately inserted into software so that it attacks an operating system, program, or network at a chosen moment. The code stays dormant until certain conditions are met, and only then releases its malicious payload.
The condition that activates a logic bomb can be a time set by the attacker (a time bomb), the deletion of a certain file, and so on. You can’t tell what the payload will be until it’s triggered: it can delete or steal files, corrupt data, send spam emails, or even wipe an entire hard drive or server.
The name comes from the idea that the code “explodes” once the predefined conditions are met; it is also called slag code. Logic bombs can also be embedded in malware such as viruses, worms, or Trojan horses.
How Does a Logic Bomb Work?
This type of attack can be hard to track. Months or even years can pass before a logic bomb detonates, and that gap between the insertion of the code and its activation gives threat actors time to cover their tracks. More cautious cybercriminals destroy any evidence as the last stage of the infection.
Logic bombs can be planted by disgruntled employees, as an insider threat, but they can also come from dishonest vendors or even state actors.
Cybercriminals can set positive or negative conditions as the trigger for the attack. With a positive condition, the malicious code fires when the condition is met (for example, when a specific file is viewed). With a negative condition, the bomb fires when the condition is not met (for example, when the code is not discovered or deactivated before a particular period).
Either way, once its condition is satisfied, the bomb goes off. The only way to stop it is to prevent the condition from occurring or to remove the code.
The Characteristics of a Logic Bomb
This type of attack is defined by some characteristics:
- It becomes active after a period of time. Initially, when it’s planted, the malicious code is inactive and undetected.
- You can’t know the content of the payload. Until the bomb is active, you can’t guess what the malware will unleash, and the consequences can vary from data exfiltration to the spread of spam.
- It needs a certain condition to activate. The condition is the detonator, and a logic bomb pursues its malicious purpose only if the condition is met. Examples of conditions include an employee being removed from the company’s payroll, a certain date, etc.
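The time-bomb trigger and destructive payload described above leave traces in scheduler configuration, which a defender can audit. The following script is an added example, not code from the original article or from Heimdal: it parses crontab-style lines (constructed sample data) and flags jobs pinned to a single calendar date and jobs that run destructive commands, the two traits a time bomb shows in a job scheduler.

```python
"""Audit cron-style schedule entries for time-bomb characteristics.

Added example (not from the original article): a defender-side heuristic
that flags scheduled jobs pinned to one calendar date and jobs whose
command is destructive. The crontab lines below are constructed samples.
"""
import re

# Commands whose presence in a scheduled job deserves a closer look.
DESTRUCTIVE = re.compile(r"\b(rm\s+-[a-z]*r|dd\s+if=|mkfs|shred|drop\s+table)", re.I)

def parse_cron(line):
    """Split a crontab line into its five schedule fields and the command."""
    parts = line.split(None, 5)
    if len(parts) < 6 or line.lstrip().startswith("#"):
        return None  # blank, comment, or malformed line
    minute, hour, dom, month, dow, cmd = parts
    return {"minute": minute, "hour": hour, "dom": dom,
            "month": month, "dow": dow, "cmd": cmd}

def audit_entry(line):
    """Return the findings for one crontab line (empty list = nothing odd)."""
    job = parse_cron(line)
    if job is None:
        return []
    findings = []
    # A job fixed to one day of one month runs at most once a year: a classic
    # time-bomb schedule rather than a routine maintenance task.
    if job["dom"].isdigit() and job["month"].isdigit():
        findings.append("pinned to a single calendar date")
    if DESTRUCTIVE.search(job["cmd"]):
        findings.append("destructive command")
    return findings

def audit_crontab(text):
    """Audit a crontab dump; return {entry: findings} for entries with hits."""
    report = {}
    for line in text.splitlines():
        hits = audit_entry(line)
        if hits:
            report[line.strip()] = hits
    return report

# Constructed sample crontab: two benign jobs and one suspicious entry.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 2 * * * /usr/local/bin/backup.sh
*/15 * * * * /usr/bin/curl -s http://localhost/health
30 3 15 4 * /bin/rm -rf /var/lib/app/data
"""

if __name__ == "__main__":
    for entry, hits in audit_crontab(SAMPLE_CRONTAB).items():
        print(f"{entry}\n    -> {', '.join(hits)}")
```

Legitimate yearly jobs are flagged by the date heuristic too, so treat the output as a triage list to review, not as a verdict.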
Examples of Logic Bombs
It is said that the history of logic bombs started during the Cold War between the U.S. and the former Soviet Union. Later, in 2002, a system administrator at the Swiss multinational investment bank UBS Group AG planned an attack. The incident impacted 2,000 of the company’s servers in 400 offices. He received a sentence of more than eight years in jail and a $3 million fine.
In 2003 a Medco system engineer was concerned about being let go. He put in a logic bomb that would purge some data after he departed the organization. When he attempted to erase the bomb, he was discovered and received a 30-month prison term. In 2018 such a malicious code deleted significant amounts of data from the U.S. Army.
In 2019, a contract employee at Siemens Corporation planted malicious code in the automated spreadsheets he created. The malicious code caused frequent glitches in the system, and his aim was to bill Siemens every time the program stopped working and he had to repair it. The cybercriminal was caught and incarcerated.
How to Protect Your Company from Logic Bomb Attacks
You can’t guess what kind of malware the payload carries or the extent of the damage that you will suffer. So, once more, protection is the best bet. Better to be safe than sorry.
Here are some measures that can keep you safe from such an attack:
- Use antivirus and anti-malware software that relies on artificial intelligence (AI).
- Always update your software to close known vulnerabilities.
- Scan all files, including compressed files and subdirectories.
- Avoid suspicious email attachments.
- Download software only from the official store.
- Do regular backups to recover quickly in the eventuality of an attack.
- Because the threat can come from the inside, increase the rigor of your security checks, your hiring procedures, and the methods you use to keep an eye on your employees and freelancers.
How Can Heimdal® Help?
In the fight against any logic bomb and its malware payload, Heimdal Endpoint Detection and Response offers a comprehensive cybersecurity technology. We designed it to protect endpoints, continuously monitor them for anomalies, and respond to mitigate cybersecurity threats.
When threats arise, Heimdal’s EDR provides greater visibility into corporate endpoints. It also allows for faster response times, stopping an attack at its beginning.
Some of our most crucial modules are included in our EDR service: Threat Prevention, Patch and Asset Management, Next-Gen Antivirus, Ransomware Encryption Protection, Privileged Access Management, and Application Control. They ensure the following features: automated detection and remediation, machine learning, threat intelligence, application control, patch and vulnerability management, privileged access management, intelligent alerting, and reporting.
Heimdal® DNS Security Solution
- Machine learning powered scans for all incoming online traffic;
- Stops data breaches before sensitive info can be exposed to the outside;
- Advanced DNS, HTTP and HTTPS filtering for all your endpoints;
- Protection against data leakage, APTs, ransomware and exploits;
Cybersecurity threats are here to stay! They are evolving and getting more sophisticated and harder to detect. But it’s in your power to use the perfect security combo: powerful software that will hunt and mitigate malware and protection measures that will decrease the chances of getting breached.