IT Strategies for Your Business: Logic Bombs
In 1982, the CIA allegedly found a way to disrupt the operation of a Siberian gas pipeline to Russia without using explosives. The damage was so large, it is reported the fire was even seen from space.
They caused the pipeline to explode by using a portion of code to control the pipeline’s operation. The CIA called this code a “logic bomb”.
A logic bomb is a malicious piece of code that’s secretly inserted into a computer network, operating system, or software application. Logic bomb attacks can be catastrophic and cause massive damage to data and sensitive information.
In this blog, we will discuss how logic bombs work, the difference between logic bombs and time bombs, and how to prevent them from harming your business.
How Does a Logic Bomb Work?
Logic bombs are small bits of code contained in other programs. Unlike viruses and worms, which can infect a system on their own, a logic bomb is often installed by someone with inside knowledge or expertise of the system.
For example, some employees like to “go out screaming.” A former employee who feels they were let go unjustly may place a logic bomb in their company’s network that deletes files when initiated.
These types of attacks are not meant to go off right away. Logic bombs will lay dormant for a specific amount of time.
Logic bombs are only initiated when a positive or negative condition is met. Logic bombs that have positive triggers detonate after a condition is met – for example, opening a file. Negative triggers usually launch when a condition is not met, like when the logic bomb is not deactivated in time. Once that condition is met, the logic bomb will go off.
The tricky part about a logic bomb is the payload is unknown until it triggers. The payload is basically what type of damage malicious software can inflict and how severe it could be. Since the payload of these attacks is unknown, the damage could be as simple as spam email, or something as serious as theft of valuable data.
Logic Bombs vs. Time Bombs
In 2013, a cyberattack wiped the hard drives of computers belonging to banks and broadcasting companies in South Korea. The attack controlled the exact date and time the malware would begin erasing data from machines. The group responsible for the hack ended up infecting over 32,000 systems. This coordinated attack is known as a time bomb.
While logic bombs require a specific condition to be met before they can run, time bombs do not. Time bombs will explode no matter what unless they are stopped beforehand.
Hackers sometimes like to install time bombs on notable holidays like Christmas or New-Years-Eve. The idea is that people will be too busy to focus on work or security to notice and the chance of a successful attack becomes much higher.
If a disgruntled employee can install the time bomb right before he leaves and it executes long after he leaves the company, it will be much harder to find out that he did it.
How Do I Prevent Logic Bombs?
New vulnerabilities appear pretty frequently. Thankfully, developers release updates to protect businesses from these threats. Operating system updates are of the easiest ways to keep your work devices safe. You should make sure your team is regularly updating your operating system. Your IT team can set policies to automatically update machines at the time most convenient.
Your staff should be mindful of whatever software or documents they download. Hackers like to entice employees with phishing emails that have familiar attachments, or free software. Your IT team can develop training documentation that helps staff members recognize these scams.
It is important to have trusted antivirus software to help remove these infections. Reliable antivirus software will not only help prevent logic bomb attacks, but they will constantly update themselves to adapt to the latest threats. A solid antivirus program will also periodically scan all files, including compressed files.
Unfortunately, the logic bomb could run its course and leave some terrible damage. In this case, you will want to find a way to get back the data that was lost. This is where having a solid backup and disaster recovery plan comes in. Data recovery systems should run periodic backups; if possible, the backup data should be stored in multiple places.
Logic bombs, like many other cyberattacks, are preventable with the right tools and training. Usually, these attacks are only devastating to businesses that are unprepared to mitigate the damage.
Since these attacks can only be installed by someone who has some type of knowledge of the system, it is important to make sure that your staff only has access to files or software that will help complete their daily tasks. Your IT team can set up group policy roles that only give employees the ability to open files or allow certain people to only log in during work hours.
Try to find the most inclusive, but convenient antivirus program for your business needs. It should include multiple features that can detect threats and safeguard them for future ones. The antivirus program should also be easily accessible by your IT team if changes need to be made.
Your IT team should also have policies that disable network access if an employee is terminated. If there is still a need to keep an email account open, for example, the password can be reset and given to the superior who needs it. If you ever encounter a situation where you think a former employee might “go out screaming”, their logins are the last thing they should have access to!