Logic bomb definition, examples, and protection

What is a logic bomb?

A logic bomb is a type of cyber attack in which a set of instructions is secretly inserted into a computer system or application to cause damage. The term comes from the fact that logic bombs only “detonate” once certain conditions are met.

Once activated, logic bombs execute malicious code (their “payload”) which can lead to a range of harmful outcomes, from relatively minor ones like a slower computer or a few corrupt files to major data losses or crashed systems. In extreme cases, logic bomb malware can cripple an organization’s IT infrastructure.

Why logic bomb attacks are dangerous

Logic bombs are dangerous due to the element of surprise and the significant damage they can cause once triggered. Catching the culprit behind a logic bomb attack is also challenging because the delay between setup and detonation provides ample time for malicious actors to cover their tracks.

As a malicious hacking attack, the consequences of logic bombs can be severe. Here are some potential outcomes of logic bomb attacks on organizations and private individuals:

• Data corruption and loss: A logic bomb can destroy important emails, documents, or business records. In extreme cases, it could entirely wipe a corporation's servers.
• Data breaches: Sensitive personal or business information like Social Security numbers or customer data could be leaked, leading to identity theft for individuals and potential legal liabilities for an organization.
• Financial loss: Individuals and organizations could face financial losses from unauthorized transactions. Organizations might also suffer from disrupted business operations that require expensive recovery processes.
• Reputational damage: The disclosure of sensitive or embarrassing information could cause reputational damage, and a company’s market value could be affected by a perception of cybersecurity negligence.
• Downtime: A business could see productivity losses, missed deadlines, and disrupted supply chains, while individuals could experience disruptions to daily activities due to devices being unusable.
• Compliance and regulation problems: A serious data breach could result in a company facing hefty fines or legal scrutiny for failure to comply with data protection laws.

These examples represent only a fraction of what’s possible; logic bombs can be tailored to unleash a wide variety of cyberattacks.

How a logic bomb works

Here’s a step-by-step breakdown of how a logic bomb works:

1. The logic bomb is downloaded onto a system: This may happen the same way many other online attacks do—through malicious files downloaded from the internet. Alternatively, the logic bomb can be planted by an insider, such as a disgruntled employee, with privileged access to a targeted system.
2. The logic bomb remains dormant, awaiting a trigger: What makes logic bombs different from other cyberattacks is that they remain inactive until certain conditions are met. This stealthy nature means they can go undetected for months or even years.
3. The programmed trigger or condition is met: The trigger will depend on how the logic bomb was programmed. It could be as simple as a specific date and time; or it could be related to a specified user action like opening a particular file.
4. The logic bomb is activated and delivers its malicious payload: The payload could be malware that deletes files, corrupts data, locks out users, or even wipes entire server systems. The severity of the damage will depend on how the bomb was programmed.

Types of logic bombs

Logic bombs are typically categorized according to their activation triggers. Below are some of the most common types of logic bombs.

• Event-triggered bombs: Event-triggered bombs activate when specific events occur within the system, such as reaching a certain network traffic threshold or a system configuration change. Event-triggered bombs allow cybercriminals to target particular business activities.
• User-activated bombs: User-activated bombs hinge on specific user actions like logging in or launching a certain application. Or they can be set to go off through a negative trigger, such as when a particular action isn’t carried out. These types of logic bombs are sometimes used to target specific individuals.
• Conditional logic bombs: Conditional logic bombs are especially subtle, detonating only when a highly specific set of conditions are met, such as a combination of time, events, and user activities. Conditional logic bombs allow attackers to tailor their malicious activities with a high degree of precision.
• Time-based bombs: Time-based bombs deliver their payload at a specific date and time. Cybercriminals may use them to coordinate complex large-scale attacks or to inflict damage at a critical moment for maximum impact.

You might have also heard of zip bombs and fork bombs. Despite their similar names, they’re quite different from logic bombs. Zip bombs overload computer systems by expanding to huge sizes when decompressed, while fork bombs replicate rapidly, exhausting system resources.

Logic bomb examples

Unlike real bombs, logic bombs don’t often make the news, but there have been a few prominent cases of large-scale cyber attacks involving logic bombs.

Stuxnet

Stuxnet was a malicious computer worm that targeted Iran’s nuclear program in 2009 and 2010. It famously exploited multiple zero-day vulnerabilities and deployed a highly sophisticated logic bomb attack that physically damaged the country’s nuclear centrifuges.

Siemens Corporation

David Tinley, a contractor at Siemens Corporation, pleaded guilty in 2019 for programming logic bombs in Siemens software that he created for the company. He set the logic bombs to make the software malfunction so Siemens would have to call him back to fix it for a fee.

How to protect yourself against logic bombs

Here are some cybersecurity best practices to follow to help protect yourself against logic bombs and other online threats:

• Don’t open or download attachments from unknown sources: Always be cautious with links and attachments, especially from unknown sources. If you’re unsure about the safety or legitimacy of an attachment, scan it with a reliable antivirus.
• Use cybersecurity software: Use reliable antivirus software to help defend against online threats like logic bombs. Norton 360 Deluxe is a comprehensive online security app that helps block malware, hackers, and other online threats.

 

• Keep your devices updated: Be sure to regularly update the operating system and software on all your devices. Software updates often include security patches that close known vulnerabilities that hackers might otherwise be able to exploit.
• Be careful with third-party apps and browser extensions: Download apps and extensions only from trusted and reputable sources, and read app reviews to vet them before downloading.
• Use 2FA: Set up two-factor authentication wherever possible. This extra security step can significantly hinder hacking attempts.

Help protect your devices and data from malicious software

Logic bombs pose a hidden yet significant threat, striking unexpectedly and causing widespread damage. Use Norton 360 Deluxe to help detect and disarm logic bombs and other malware threats before they blow up your device. Plus, Norton 360 Deluxe features a built-in VPN to encrypt your connection and keep your online activity private.

FAQs about logic bombs

Still got questions about what a logic bomb is? We’ve got answers.

Are logic bombs and malware the same thing?

Technically speaking, logic bombs are not a type of malware, but they’re typically used in tandem with malware, which forms the payload—for example, a virus or worm—delivered by the logic bomb.

Are logic bombs illegal?

Logic bombs are typically considered illegal, as most have malicious intent. They fall under cybercrimes involving unauthorized access, data destruction, and disruption of services, and are punishable by laws such as the Computer Fraud and Abuse Act (CFAA) in the United States and similar regulations worldwide.

What is another name for a logic bomb?

Logic bombs are also known as slag code—the terms are often used interchangeably.

Are all logic bombs malicious?

The term logic bomb is used to describe malicious code that has been planted without consent. There are pieces of code that perform similar (but non-malicious) functions like software programmed to stop working after a trial period expires, but this is simply conditional programming not a logic bomb.