I’ve been busy teaching cybersecurity classes recently. Most of these courses have been conducted virtually (via Zoom) for students working full-time in the Information Technology Field. I enjoy these classes because most of the time, the students are eager to learn and motivated to complete their certification requirements immediately. Very few of the students’ questions are ‘from left field’. But some topics that they ask about have me questioning whether we are skipping over some fundamental issues that deserve more attention.
A key topic included in most foundational cybersecurity programs is the concept of ‘Logic Bombs’. We cover this in CompTIA Security+, and it’s an important topic to discuss.
In 1996, Omega Engineering, a manufacturer with facilities in New Jersey, reported a computer incident in which all software was deleted from several computer systems. The company claims it spent nearly $2 million repairing the programs and lost almost $10 million in revenue. A former network administrator was accused of unleashing a hacking "time bomb" within Omega's computer systems, which deliberately deleted and erased files. The network administrator was convicted of computer sabotage and was sentenced to 41 months in Federal prison.
There are various types of logic bombs:
Time-based logic bombs are triggered to execute their payload based on specific dates or time intervals.
Event-driven logic bombs activate when a specific event occurs in the system. The event could be anything from a particular file being accessed to a specific network condition being met.
User-activated logic bombs rely on specific user actions or inputs to activate. They may be disguised as legitimate programs or files to trick users into triggering them.
Condition-based logic bombs activate when certain conditions are met within the system.
The significance of ‘Logic Bombs’ isn’t the damage, but the premise that a trusted employee plans and executes a malicious action. Every year, many people involuntarily separate from their employers. What needs to be discussed is the offboarding process. Who talks to the soon-to-be former employee? Who is responsible not only for deactivating that now-former employee’s account but also for reviewing it? What should the review of an exiting employee’s account include?
Another topic is backup. All cybersecurity-oriented certification programs cover this topic, often with an emphasis on backup frequency and data loss prevention. Is this the real problem? My experience has been that while IT professionals all manage and perform backups, very few consider or practice restoration. Restoring data from a backup after an incident can be a complicated task, especially if new data was created during the recovery period.
Even if you regularly create backups, they won't be helpful in an emergency if you can't successfully restore them. It's essential to test and update your backup restoration procedures regularly and to train staff accordingly. Additionally, remember to check periodically that your backups are not corrupted, and be aware of the time required to complete a restoration.
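A restore drill along these lines can be scripted. The following is an added example, not part of the original newsletter: it restores a backup into a scratch directory, verifies every file against digests recorded at backup time, and reports how long the restoration took. It assumes tar.gz archives with a sidecar JSON manifest; the function names `make_backup` and `restore_drill` are hypothetical.

```python
import hashlib, json, tarfile, tempfile, time
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def make_backup(src_dir, archive):
    """Write src_dir to a tar.gz and store per-file SHA-256 digests beside it."""
    src = Path(src_dir)
    manifest = {p.relative_to(src).as_posix(): sha256(p)
                for p in sorted(src.rglob("*")) if p.is_file()}
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname="data")
    Path(f"{archive}.manifest.json").write_text(json.dumps(manifest))
    return manifest

def restore_drill(archive):
    """Restore into a scratch directory, verify every file, time the whole run."""
    manifest = json.loads(Path(f"{archive}.manifest.json").read_text())
    report = {"error": None, "missing": [], "corrupt": []}
    # Refuse unsafe members (absolute paths, ../) where this Python supports it.
    safe = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    start = time.monotonic()
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                tar.extractall(scratch, **safe)
        except Exception as exc:  # any failure to read the archive fails the drill
            report["error"] = f"{type(exc).__name__}: {exc}"
        for rel, digest in manifest.items():
            restored = Path(scratch, "data", rel)
            if not restored.is_file():
                report["missing"].append(rel)
            elif sha256(restored) != digest:
                report["corrupt"].append(rel)
    report["seconds"] = time.monotonic() - start
    report["ok"] = not (report["error"] or report["missing"] or report["corrupt"])
    return report

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as work:  # constructed sample data
        src = Path(work, "src")
        src.mkdir()
        (src / "orders.csv").write_text("id,total\n1,19.99\n")
        archive = Path(work, "backup.tar.gz")
        make_backup(src, archive)
        print("good backup:", restore_drill(archive))
        archive.write_bytes(archive.read_bytes()[:40])  # simulate a damaged backup
        print("damaged backup:", restore_drill(archive))
```

Run on a schedule against the most recent backup, the `seconds` value gives a measured baseline for restoration time rather than an estimate.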
My name is Brian Ford. Welcome to my newsletter. Many know me as a technology instructor, teaching courses in networking and cybersecurity. I’m also a coach who works one-on-one with people who want to learn about and understand Internet, cloud, and cybersecurity technologies. I’m also a technology researcher investigating various cybersecurity topics, including how web browsers and protocols can be used and abused.
Things that I’m going to help readers with:
Choose what technologies, certifications, and career choices to pursue.
Become lifelong learners and earn various technical certifications.
Maintain the certifications they have earned and use them to their advantage.
Please take a look at these posts for help with maintaining your CompTIA and ISC2 certifications.
Have you submitted CEUs or CPEs and been audited? I'd like to hear about your experience with audits.
I tell all my clients and students that I get tremendous personal satisfaction from what I do, not because of the paycheck but because of the impact. I encourage clients to keep in touch with me. If you find this newsletter helpful or if you have something you want to share with others, please don’t hesitate to message me.
Are you someone who could benefit from reading this newsletter?