| Recurring |
one_organization, multiple_organization |
(a) The software failure incident having happened again at one_organization:
- FedEx, the parent company of TNT Express, had previously been hit by ransomware with the WannaCry virus last month [60384].
- Merck, a pharmaceutical giant, confirmed that its computer networks were hit by the virus in the same incident [60384].
(b) The software failure incident having happened again at multiple_organization:
- The latest malware attack, *ExPetr*, has similarities to the WannaCry attack in May, affecting multiple organizations globally [60384].
- DLA Piper, an international law firm, was also struck by the cyberattack in the same incident [60384]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the article where it mentions that the latest malware *ExPetr* operated similarly to the WannaCry attack in May, both of which exploited vulnerabilities discovered by the National Security Agency years ago [60384]. This indicates a failure due to contributing factors introduced by system development or updates, as the malware exploited weaknesses in the system that were known but not adequately addressed.
(b) The software failure incident related to the operation phase is evident in the article where it reports that the cyberattack disrupted the delivery and communications of a FedEx subsidiary, TNT Express. The disruption in operations and communications systems of TNT Express showcases a failure due to contributing factors introduced by the operation or misuse of the system [60384]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) The software failure incident reported in the articles is primarily within_system. The failure was caused by a wave of cyberattacks targeting businesses around the world, including FedEx's subsidiary TNT Express. The malware, named *ExPetr*, disrupted delivery and communications systems within TNT Express, affecting operations in Europe, Asia, and the United States [60384].
Additionally, the incident involved ransomware attacks similar to the WannaCry virus, which locked people out of their computer systems and demanded ransom. The vulnerability exploited by the ransomware was linked to weaknesses discovered by the National Security Agency years ago, indicating an internal system vulnerability that was exploited by the attackers [60384]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident was primarily due to non-human actions, specifically a wave of cyberattacks targeting businesses around the world, including FedEx's subsidiary TNT Express. The malware *ExPetr* affected computer systems in Europe, Asia, and the United States, disrupting delivery and communications operations. The attack was similar to the WannaCry virus and exploited vulnerabilities discovered by the National Security Agency [60384].
(b) Human actions also played a role in the software failure incident as companies like FedEx and Merck were targeted by ransomware attacks. The failure to update systems after the previous WannaCry attack could be considered a human action contributing to the vulnerability exploited by the latest malware. Additionally, the response of companies like Merck to the cyberattack involved human decisions to implement business continuity plans and contain the problem [60384]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident related to hardware:
- The software failure incident reported in the articles is attributed to a wave of cyberattacks targeting businesses worldwide, including FedEx's subsidiary TNT Express. This cyberattack disrupted delivery and communications systems, indicating that the failure originated from external factors affecting the hardware systems [60384].
(b) The software failure incident related to software:
- The software failure incident, specifically a ransomware attack dubbed *ExPetr*, affected TNT Express, a subsidiary of FedEx, as well as other companies like Merck and DLA Piper. This incident was caused by malware that exploited vulnerabilities in software systems, similar to the WannaCry attack in May. The ransomware locked people out of their computer systems, indicating a software-related failure [60384]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident reported in the articles is malicious in nature. The incident involved a wave of cyberattacks targeting businesses around the world, including a FedEx subsidiary, TNT Express, being significantly affected by a virus that disrupted its delivery and communications systems [60384]. The malware responsible for the attack, dubbed *ExPetr*, operated similarly to the WannaCry ransomware attack from the previous month, locking people out of their computer systems and demanding ransom payments [60384]. Additionally, the vulnerability exploited by the ransomware was linked to weaknesses discovered by the National Security Agency [60384].
(b) There is no information in the articles to suggest that the software failure incident was non-malicious. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The software failure incident related to the cyberattacks on FedEx subsidiary TNT Express and other companies appears to be more aligned with poor_decisions. This is evident from the fact that FedEx was previously hit by the WannaCry virus, indicating a potential lack of adequate cybersecurity measures or updates to prevent such attacks [60384]. Additionally, the ransomware attacks exploiting vulnerabilities known for years further highlight the consequences of not addressing known security weaknesses promptly, which can be attributed to poor decisions in maintaining and securing systems. |
| Capability (Incompetence/Accidental) |
unknown |
(a) The software failure incident reported in the articles is related to a cyberattack involving ransomware affecting companies like FedEx's subsidiary TNT Express, Merck, and DLA Piper. The cyberattack disrupted delivery and communications systems, leading to significant disruptions in operations [60384].
(b) The incident was not described as accidental but rather as a deliberate cyberattack using ransomware to target and compromise the computer networks of various organizations. The attack was linked to the WannaCry ransomware and was identified as a deliberate malware operation named *ExPetr* by researchers at Kaspersky Lab [60384]. |
| Duration |
temporary |
The software failure incident reported in the articles was temporary. The incident was caused by a wave of cyberattacks that targeted businesses around the world, affecting FedEx's subsidiary, TNT Express, as well as other companies like Merck and DLA Piper. The disruption caused delays and operational slowdowns, but the companies were able to implement business continuity plans to ensure ongoing operations [60384]. |
| Behaviour |
omission, other |
(a) crash: The software failure incident related to the cyberattack on FedEx's subsidiary, TNT Express, resulted in disruptions to delivery and communications systems. The systems were significantly affected by the virus, causing operational slowdowns and delays in services [60384].
(b) omission: The software failure incident led to the omission of intended functions as TNT Express operations and communications systems were disrupted, impacting the company's ability to operate normally [60384].
(c) timing: The software failure incident did not specifically mention timing issues where the system performed its intended functions but at the wrong time.
(d) value: The software failure incident did not mention any specific instances of the system performing its intended functions incorrectly.
(e) byzantine: The software failure incident did not describe the system behaving with inconsistent responses and interactions.
(f) other: The software failure incident involved the ransomware attack on TNT Express, which resulted in disruptions and delays in services, impacting the company's operations [60384]. |