Logic bombs explained: Definition, examples, prevention

What triggers a logic bomb?

As the Stuxnet example shows, a logic bomb attack gets its name because the malicious code starts running when a certain logical condition, or trigger, is satisfied: it can be described as an if-then statement. There are two forms a logic bomb trigger can take: positive or negative. A positive trigger goes off when something happens, while a negative trigger goes off when something fails to happen. Stuxnet is a good example of a positive trigger: the worm analyzes the underlying hardware, and if it matches the system it was designed to attack, it spins any attached uranium centrifuges fast enough to destroy them. There are other, more pedestrian types of positive triggers as well: a logic bomb might go off if someone tries to open a specified file, for example, or copy data from one directory to another.

A negative trigger is well illustrated by the type of insider threat that we have observed to be a common case of logic bomb use. For example, a disgruntled employee who suspects they are about to be fired can plant a logic bomb on the company's servers that will erase important business data at 10 a.m. unless its creator intervenes. As long as the employee has access to the system, they can prevent the bomb from detonating, potentially fueling a standoff with their employer, or at least leaving them satisfied that their firing will be followed by chaos once they are gone.

The actual behavior of a logic bomb can vary greatly. When it comes to insider threats, which make up a large part of the logic bomb landscape, several types of attack are very common, including the deletion of files or an entire hard drive, either as a ransom threat or as an act of revenge, or the release of data, as part of a plan to use privileged information at a future job.
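To make the positive/negative distinction concrete from the defender's side, the following added example (not part of the original article) audits scheduled jobs for data-destroying commands and reports which kind of trigger guards each one. The sample crontab entries, account names, paths, the `OFFBOARDING` set and the function names are all constructed assumptions.

```python
import re

# Constructed sample data: (owner, crontab entry). Not from a real system.
SAMPLE_JOBS = [
    ("backup", "30 2 * * * /usr/local/bin/backup.sh /srv/data"),
    ("jdoe", "0 10 * * * [ -f /home/jdoe/.checkin ] || rm -rf /srv/finance"),
    ("jdoe", "*/5 * * * * test -e /srv/reports/q3.xlsx && shred -u /srv/reports/q3.xlsx"),
    ("ops", "0 4 * * * rm -f /var/tmp/app.cache"),
]
OFFBOARDING = {"jdoe"}  # assumed feed of accounts with a pending departure

# Commands that delete or overwrite data; extend for your environment.
DESTRUCTIVE = re.compile(r"\b(?:rm\s+-\w*[rf]|shred\b|mkfs|dd\s+if=|truncate\b)")


def classify(entry):
    """Return the trigger type guarding a destructive command, or None."""
    fields = entry.split(None, 5)  # five schedule fields, then the command
    if len(fields) < 6:
        return None
    command = fields[5]
    hit = DESTRUCTIVE.search(command)
    if hit is None:
        return None
    guard = command[:hit.start()]
    operators = re.findall(r"\|\||&&", guard)
    if not operators:
        return "time-only"  # the schedule is the only condition
    # '||' runs the payload when the check fails; a '!' in the check inverts it.
    on_failure = operators[-1] == "||"
    negated = re.search(r"(?:^|\s)!(?:\s|$)", guard) is not None
    return "negative" if on_failure != negated else "positive"


def audit(jobs, offboarding=frozenset()):
    """List (owner, trigger, priority, entry) for every destructive job."""
    findings = []
    for owner, entry in jobs:
        trigger = classify(entry)
        if trigger is None:
            continue
        priority = "high" if owner in offboarding or trigger == "negative" else "review"
        findings.append((owner, trigger, priority, entry))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_JOBS, OFFBOARDING):
        print(*finding, sep=" | ")
```

A job flagged `negative` runs its destructive command when an expected file or check is absent, which is the "unless its creator intervenes" pattern; `time-only` jobs are often routine cleanup and are listed for review rather than treated as malicious.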

