Recurring |
one_organization |
(a) The software failure incident having happened again at one_organization:
- The article mentions that the group Kuba Rensomver, responsible for the recent cyber attack in Montenegro, had first appeared in December 2019 and became a significant threat in 2022 [Article 131429].
- This indicates a recurrence of software failure incidents involving the same group within a certain timeframe, suggesting a repeated pattern of attacks within the same organization or related entities. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase:
The software failure incident in Crna Gora was caused by a cyber attack orchestrated by a cybercriminal group named Kuba Rensomver. The attack involved infecting hundreds of administrative computers with a virus, leading to the shutdown of certain government websites. The incident highlighted a failure in the design of the software used to extort the government, as well as the vulnerability of the systems to cyber threats introduced during the system development phase [131429].
(b) The software failure incident related to the operation phase:
The software failure incident in Crna Gora also involved operational failures, such as the need to disconnect many computers to prevent the spread of the virus, the disruption of government services due to the lack of access to email and websites, and the reliance on alternative communication methods like social media. These operational challenges stemmed from the misuse of the system by cybercriminals who targeted the government's network and disrupted key systems, highlighting vulnerabilities in the operational aspects of the software [131429]. |
Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident in Crna Gora was primarily within the system. The incident involved a cyber attack by a known cybercriminal group named Kuba Rensomver, which targeted the government's network using a zero-day virus to infect the system [131429]. Additionally, the attackers utilized methods such as ransomware and overloading servers with clicks to disrupt and compromise the government's online services [131429].
(b) outside_system: The software failure incident in Crna Gora also had contributing factors originating from outside the system. The attack was attributed to the Kuba Rensomver group, which is a criminal group of unknown origin, despite initial claims linking the attack to Russian intelligence services [131429]. Furthermore, the incident involved international collaboration with countries like France and the United States sending cybersecurity experts to assist Crna Gora in responding to the cyber attack [131429]. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
The software failure incident in Crna Gora was caused by a cyber attack carried out by a known cyber criminal group named Kuba Rensomver. The attack involved infecting hundreds of administrative computers with a virus, leading to the shutdown of certain government websites. Additionally, the attackers targeted the government's network by overloading servers with clicks to cause website crashes. The incident also involved the removal of DNS servers, a fundamental component of the internet, making it impossible to access the network [131429].
(b) The software failure incident occurring due to human actions:
In response to the cyber attack, countries like France and the United States are sending cybersecurity experts to assist Crna Gora. The government of Crna Gora mentioned that the software used to extort the government was just one part of the attack. Furthermore, the incident involved demands for ransom payments to restore normalcy, indicating a human-driven extortion tactic by the cyber criminal group Kuba Rensomver [131429]. |
Dimension (Hardware/Software) |
software |
(a) The software failure incident occurring due to hardware:
- The incident in Crna Gora involved a cyber attack where the government's network was locked, and ransom was demanded to restore normalcy [131429].
- The hackers also targeted the government network by overloading servers with clicks to overwhelm them and cause internet pages to crash [131429].
(b) The software failure incident occurring due to software:
- The cyber attack in Crna Gora was carried out by a known cybercriminal group named Kuba Rensomver, indicating a software-related attack [131429].
- The cybercriminal group used a zero-day virus to infect the government system, which is a software vulnerability exploited by hackers [131429].
- The incident involved ransomware software used to lock the government network and demand payment for decryption [131429].
- The group Kuba Rensomver is known for selling stolen data to other cybercriminals, indicating a software-based data breach [131429]. |
Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident reported in Article 131429 is malicious in nature. The incident involved a cyber attack on the government systems of Montenegro by a known cyber criminal group named Kuba Rensomver. The attack included infecting hundreds of administrative computers with a virus, locking the government network, demanding ransom for restoring normalcy, and disrupting various government services. The group utilized sophisticated methods such as zero-day viruses to exploit vulnerabilities in the government's systems. Additionally, the incident involved the removal of DNS servers, rendering many government websites inaccessible, and causing significant disruptions in key systems [131429]. |
Intent (Poor/Accidental Decisions) |
poor_decisions, accidental_decisions |
(a) The intent of the software failure incident was due to poor_decisions introduced by the attackers behind the cyber attack on Montenegro. The incident involved a well-known cyber criminal group named Kuba Rensomver who targeted the government's network with ransomware and demanded a ransom for restoring normal operations. Additionally, the attackers utilized a zero-day virus to infect the government system, which was described as a highly valuable virus costing over $10 million to create. The attackers were able to exploit a completely new security vulnerability in the software, known as a zero-day exploit, which gave the software owners no time to secure the system [131429].
(b) The software failure incident was also influenced by accidental_decisions as the Montenegro government initially attributed the cyber attack to Russian intelligence services. However, later investigations directly blamed the Kuba Rensomver group, a criminal group of unknown origin, for the attack. This shift in attribution highlights the initial accidental decision to point fingers at Russian intelligence services before identifying the actual perpetrators behind the cyber attack [131429]. |
Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident occurring due to development incompetence:
- The software failure incident in Crna Gora was caused by a cyber attack carried out by a known cyber criminal group named Kuba Rensomver. The attack involved locking the government network and demanding ransom to restore normalcy [131429].
- The incident also involved infecting hundreds of administrative computers in Crna Gora with a virus, leading to many being disconnected to prevent further spread [131429].
- The hackers targeted the government network by using a zero-day virus, which is a new security vulnerability that software owners have no time to address before exploitation [131429].
- The lack of DNS servers made it impossible to access the network, indicating a serious disruption in key systems [131429].
(b) The software failure incident occurring accidentally:
- The software failure incident in Crna Gora was not accidental but a deliberate cyber attack orchestrated by the Kuba Rensomver group [131429].
- The incident involved various tactics such as ransomware and overloading servers with clicks to cause website crashes, indicating a coordinated and intentional attack rather than an accidental failure [131429]. |
Duration |
temporary |
The software failure incident reported in Article 131429 was temporary. The incident involved a cyber attack on the government systems in Montenegro, leading to the shutdown of certain state websites and the infection of hundreds of administrative computers with a virus. The attack was carried out by a cyber criminal group named Kuba Rensomver. The incident caused disruptions in government operations, with the government resorting to offline communication methods and social media due to the unavailability of email and many ministry websites being offline [131429]. |
Behaviour |
crash, omission, other |
(a) crash: The software failure incident in Crna Gora involved a crash as certain government websites were not functioning due to a cyber attack, leading to the need to shut down many administrative computers to prevent the spread of the virus [131429].
(b) omission: The incident also involved omission as the government's email system was not operational, and many ministry websites were offline because hackers removed the DNS, a fundamental component of the internet, making it impossible to access the network [131429].
(c) timing: There is no specific information in the provided article indicating a timing-related failure.
(d) value: The incident did not involve a value-related failure.
(e) byzantine: The software failure incident in Crna Gora did not exhibit byzantine behavior.
(f) other: The incident also involved the use of a zero-day virus by the hacking group Kuba Rensomver to infect the government system, which is a sophisticated and costly method not commonly seen in ransomware attacks [131429]. |