| Recurring |
one_organization, multiple_organization |
(a) The software failure incident having happened again at one_organization:
- Okta experienced a cyber-attack in January involving a third-party contractor, leading to unauthorized access to a customer-support engineer's computer [125712].
- This incident was likened to a scenario where a stranger virtually sits down at a computer left unattended, with the hackers being constrained in their actions [125712].
(b) The software failure incident having happened again at multiple_organization:
- Cyber-gang Lapsus$ has been linked to cyber-attacks on high-profile targets, including Okta, and has previously targeted companies like Microsoft [125712].
- Okta's client, Cloudflare, stated it did not believe it had been compromised by the cyber-attack [125712].
- FedEx mentioned having no indication of their environment being accessed or compromised in relation to the incident [125712]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the Okta hack incident reported in Article 125712. The cyber-attack on Okta was attributed to a breach that occurred through a third-party contractor, a "sub-processor," who had their computer accessed by hackers. This breach was likened to leaving a computer unattended in a public place, allowing unauthorized access [125712].
(b) The software failure incident related to the operation phase is evident in the same Okta hack incident. The breach was facilitated by the operation of a customer-support engineer's computer, who was working for the sub-processor. The hackers gained access to the engineer's computer over a five-day period in mid-January, highlighting an operational vulnerability that allowed unauthorized access to occur [125712]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident involving Okta was primarily due to factors originating from within the system. Okta mentioned that the cyber-attack in January involved a third-party contractor, a "sub-processor," and that the matter was investigated and contained internally. The attack was facilitated by the access gained through a customer-support engineer's computer within the system, likened to a stranger virtually using the engineer's machine [125712].
(b) outside_system: The software failure incident also had contributing factors originating from outside the system. The cyber-gang Lapsus$ was identified as the perpetrator behind the hack on Okta. This external threat actor is known for extortion and cyber-attacks on high-profile targets, including Okta and Microsoft. The attack was not a result of internal system vulnerabilities but rather an external threat actor exploiting weaknesses in the system's security [125712]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in the Okta hack was primarily due to non-human actions, specifically a cyber-attack by the cyber-gang Lapsus$ [125712]. The attack involved the hackers gaining access to a customer-support engineer's computer, which was likened to a stranger virtually sitting down at the machine and using the mouse and keyboard. This non-human action led to potential viewing or acting upon data of Okta's clients [125712].
(b) Human actions also played a role in the software failure incident as the attack was facilitated by compromising a single account of a customer-support engineer working for a sub-processor of Okta [125712]. Additionally, the response to the incident involved human actions such as investigations, containment efforts, and communication with clients and the public to address the security breach [125712]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident related to hardware:
- The cyber-attack on Okta was attributed to a breach involving a third-party contractor, a "sub-processor," where a customer-support engineer's computer was accessed by hackers over a five-day period in mid-January [125712].
- Okta's Chief Security Officer described the attack as analogous to someone sitting down at a computer left unattended at a coffee shop, indicating a breach that involved physical access to hardware [125712].
(b) The software failure incident related to software:
- The cyber-attack on Okta was carried out by the cyber-gang Lapsus$, indicating a software-related failure in terms of security vulnerabilities exploited by the hackers [125712].
- Okta confirmed that its own systems were not breached, suggesting that the software failure incident primarily stemmed from vulnerabilities in the third-party contractor's systems or software [125712]. |
| Objective (Malicious/Non-malicious) |
malicious, non-malicious |
(a) The software failure incident in this case is malicious. The incident involved a cyber-attack on Okta by the cyber-gang Lapsus$, a South American threat actor known for extortion and threatening the release of sensitive information if their demands are not met [125712]. The attack resulted in unauthorized access to a customer-support engineer's computer, akin to a stranger virtually using the machine, although the hackers were constrained in their actions. The cyber-gang's objective was to target Okta's customers, and there were concerns about potential data breaches and security risks [125712].
(b) The software failure incident is also non-malicious to some extent. Okta stated that the attack, which occurred in January, involved a third-party contractor and was investigated and contained. The company mentioned that there was no evidence of ongoing malicious activity beyond what was detected in January. Okta's Chief Security Officer emphasized that Okta itself had not been breached, and no corrective actions were needed by their customers [125712]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident related to poor_decisions:
- The cyber-attack on Okta was attributed to the cyber-gang Lapsus$, known for extortion and threatening the release of sensitive information if their demands are not met [125712].
- Okta initially stated that the attack involved a third-party contractor, a "sub-processor," indicating a potential poor decision in selecting and managing third-party entities with access to sensitive data [125712].
- The incident involved the compromise of a customer-support engineer's computer, highlighting potential lapses in security protocols or access controls within the organization [125712]. |
| Capability (Incompetence/Accidental) |
accidental |
(a) The software failure incident related to development incompetence is not explicitly mentioned in the provided article.
(b) The software failure incident related to accidental factors is evident in the article. The cyber-attack on Okta, leading to potential data exposure for hundreds of organizations, was caused by the actions of the cyber-gang Lapsus$. The attack was initiated by compromising a third-party contractor's employee's computer, which was likened to leaving a computer unattended in a public place, allowing unauthorized access. This incident highlights the accidental introduction of contributing factors leading to a software failure [125712]. |
| Duration |
temporary |
(a) The software failure incident in the article appears to be temporary. The cyber-attack on Okta, which involved the hackers accessing the computer of a customer-support engineer for a five-day period in mid-January, was contained and investigated by Okta. Okta confirmed that there was no evidence of ongoing malicious activity beyond what was detected in January, and the company remained fully operational without any corrective actions needed by its customers [125712].
(b) The software failure incident was temporary as it was limited to a specific timeframe and did not result in a permanent disruption of Okta's operations or services. |
| Behaviour |
other |
(a) crash: The software failure incident did not involve a crash where the system loses state and does not perform any of its intended functions. The incident described in the articles did not mention a complete system failure or inability to function at all [125712].
(b) omission: The incident did not involve a failure due to the system omitting to perform its intended functions at an instance(s). The articles did not mention any specific instances where the system failed to perform its intended functions [125712].
(c) timing: The incident did not involve a failure due to the system performing its intended functions correctly, but too late or too early. The focus of the incident was on a cyber-attack by a ransomware group affecting Okta and its clients, rather than timing issues related to the system's performance [125712].
(d) value: The incident did not involve a failure due to the system performing its intended functions incorrectly. The articles did not mention any issues with the system providing incorrect outputs or results [125712].
(e) byzantine: The incident did not involve a failure due to the system behaving erroneously with inconsistent responses and interactions. While the cyber-attack by the ransomware group compromised data and access, there was no mention of inconsistent responses or interactions within the system itself [125712].
(f) other: The behavior of the software failure incident can be categorized as a security breach due to a cyber-attack by the Lapsus$ cyber-gang on Okta, compromising data and access for some of Okta's clients. The incident involved unauthorized access and potential viewing or acting upon data, leading to concerns about data security and privacy [125712]. |