Many cyber attacks are launched instantly, at a time of the attacker's choosing.
These are launched over a web connection and can be either a one-off or a running campaign.
The most obvious of these are attacks that need user interaction.
Phishing and XSS attacks are excellent examples of this.
Both are prepared for and launched by the attacker but only take effect when the user triggers the trap.
Some attacks are delayed actions but require a special set of circumstances to trigger.
They can be entirely safe until triggered.
These circumstances can be altogether automatic rather than human-activated.
These types of attacks are called logic bombs.
In this case, the logic bomb won't do anything until the date and time are right.
At that point, the logic bomb is detonated and causes whatever harmful action it is supposed to.
Deleting data is the standard go-to of logic bombs.
Some logic bombs may be multi-layered.
It also doesn't reduce the possibility of the attacker being identified.
Insider Threat
Insider threats almost exclusively use logic bombs.
An external hacker could delete stuff, but they can also benefit directly by stealing and selling the data.
An insider is typically motivated by frustration, anger, or revenge and is disillusioned.
The classic example of an insider threat is an employee recently informed that they will lose their job shortly.
Predictably, motivation will fall, and job performance will likely fall with it.
Another possible reaction is a drive for revenge.
In some cases, the drive for revenge can go further to active sabotage.
Tip: Another source of insider threat can be contractors.
In this scenario, a logic bomb is one possible outcome.
Some sabotage attempts may be pretty immediate.
These, however, are often somewhat easy to link to the perpetrator.
For example, the attacker might smash the glass wall of the boss's office.
The attacker could go to the server room and rip out all the cables from the servers.
They could crash their car into the foyer or the boss's car.
The problem is that offices generally have many people who might notice such actions.
They can also feature CCTV to record the attacker committing the act.
Many server rooms require a smart card to access, logging exactly who entered, exited, and when.
In this case, they might give up or choose to do something on the computers.
For someone technically skilled, especially if they're familiar with the system, computer-based sabotage is relatively easy.
It also has the lure of appearing challenging to attribute to the attacker.
Secondly, the attacker can deliberately time the logic bomb to go off when they are not around.
There are an unknown number of incidents where this has worked out for the insider threat.
There are at least three documented cases of the insider successfully setting off the logic bomb but being identified and convicted.
Conclusion
A logic bomb is a security incident where an attacker sets up a delayed action.
Logic bombs are almost exclusively used by insider threats, primarily as revenge or an insurance policy.
They are typically time-based though they can be set up to be triggered by a specific action.
A typical result is that they delete data or even wipe computers.