A logic bomb, sometimes referred to as slag code, is a piece of malicious code designed to harm a network when a programmed set of conditions is met. The term comes from the idea that a logic bomb “explodes” when it is triggered by a specific event. Events could include a certain date or time, a particular record being deleted from a system, or the launching of an infected software application.
The level of destruction caused by a logic bomb can vary greatly, and the set of conditions that can set one off is effectively unlimited. Common malicious actions that logic bombs perform include data corruption, file deletion and hard drive wiping.
Unlike other forms of malware that break into a secure system from the outside, logic bomb attacks tend to be cyber sabotage by a person within an organization who already has access to sensitive data. One way that employees might exact revenge on a company if they believe they are about to be fired is to create a logic bomb that they must defuse each day and that only they know how to reset. That way, once they are no longer with the organization, the attack begins, either instantly or after a predetermined period.
How logic bombs work
Logic bombs are secretly inserted into a computer network through the use of malicious code. The code can be inserted into the computer’s existing software or into other forms of malware such as viruses, worms or Trojan horses. It then lies dormant, and typically undetected, until the trigger occurs.
Triggers can be categorized as positive or negative. Logic bombs with positive triggers fire after a condition is met, such as the date of a major company event arriving. Negative triggers fire when a condition is not met, such as an employee failing to enter the defuse code by a certain time. Either way, once the condition becomes true, the logic bomb goes off and inflicts its programmed damage.
How to safeguard against logic bomb attacks
While business continuity and disaster recovery (BCDR) plans should include how to handle a logic bomb after it executes, cybersecurity best practices can be followed to prevent one in the first place. These include:
- Periodically scan all files, including compressed files.
- Maintain updated antivirus software.
- Ensure that all users activate features like auto-protect and email screening.
- Protect all computers within a network individually.
- Provide a clear safe use policy to all employees and have them acknowledge their part in maintaining the safety and integrity of any data they have access to.
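The first recommendation above, scanning all files including compressed ones, is easiest to act on with a file-integrity baseline: record a hash of every file and every archive member, then compare later scans against it so code inserted into existing software (or tucked inside an archive) shows up as an added or modified entry. The following Python script is an added illustration, not code from the original article; the directory layout, file names and the "planted" archive member are constructed for the demo.

```python
import hashlib
import io
import os
import tempfile
import zipfile

def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def snapshot(root):
    """Map each file under root, plus each member of any .zip archive, to its SHA-256.
    Archive members use keys like 'archive.zip!member' so changes inside
    compressed files are visible, not just changes to the archive as a whole."""
    digests = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            with open(path, "rb") as fh:
                data = fh.read()
            digests[rel] = _sha256(data)
            if zipfile.is_zipfile(io.BytesIO(data)):
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        digests[f"{rel}!{member}"] = _sha256(zf.read(member))
    return digests

def diff_snapshots(baseline, current):
    """Return sorted lists of (added, removed, modified) keys relative to the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(k for k in baseline.keys() & current.keys() if baseline[k] != current[k])
    return added, removed, modified

def demo():
    """Constructed scenario: take a baseline, then have a new script appear inside
    an existing archive, and report what a periodic scan would flag."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "app.py"), "w") as fh:
            fh.write("print('hello')\n")
        archive = os.path.join(root, "tools.zip")
        with zipfile.ZipFile(archive, "w") as zf:
            zf.writestr("cleanup.py", "# original member\n")
        baseline = snapshot(root)
        # Simulated unauthorized change: an unexpected member is added to the archive.
        with zipfile.ZipFile(archive, "a") as zf:
            zf.writestr("extra.py", "# constructed: represents an unexpected addition\n")
        return diff_snapshots(baseline, snapshot(root))
```

Calling `demo()` reports the new archive member as added and the archive itself as modified, while the untouched `app.py` and `cleanup.py` entries stay silent; in practice the baseline would be stored out of reach of the accounts whose changes it is meant to catch.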