logic Bomb

• A piece of code that executes after a trigger
• Triggers could be:
  • Number of transactions
  • System events
  • Date/time (time bomb)
• Installed by insider threat

Defending

• Hard to identify and triggers are unknown
• Strong anti-virus
• latest security patches
• Regular back-ups

Rootkits

• Gives user root access
• Alters system files
  • Done to hide evidence
  • Firmware rootkits rewrite part of the BIOS
  • Bootkits replace a system’s booloader for same purpose
  • Kernal rootkits replace some of OS kernal
  • Driver rootkits pretend to by a trusted driver

Defending

• Strong anti-virus
• Regular back-ups
• latest security patches
• Enable Secure Boot
  • Detects tampering with boot