Recurring |
unknown |
The articles do not report the software failure incident recurring, either at the same organization (IHG) or at other organizations, so whether it has happened again at one or multiple organizations is unknown. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident in the IHG hack can be attributed to design-related factors introduced during system development and operation. The hackers gained access to IHG's internal IT network by tricking an employee into downloading malicious software through a booby-trapped email attachment. They also bypassed an additional security prompt message sent to the worker's devices as part of a two-factor authentication system. Additionally, they found login details for the company's internal password vault, where the password was extremely weak (Qwerty1234) and available to all employees, highlighting design flaws in access control and password management [132386].
(b) The software failure incident can also be linked to operational factors introduced during the operation or misuse of the system. The hackers, after being foiled in their ransomware attempt, resorted to a wiper attack to irreversibly destroy data. This change in tactic was described as born out of vindictive frustration, indicating a response to the operational challenges faced during the attack. Despite the company's IT team initially finding ways to fend off the hackers, the attackers were still able to inflict damage, showcasing operational vulnerabilities in responding to cyber threats [132386]. |
Boundary (Internal/External) |
within_system, outside_system |
(a) The software failure incident involving IHG was primarily within the system. The hackers gained access to IHG's internal IT network by tricking an employee into downloading malicious software through a booby-trapped email attachment. They also bypassed an additional security prompt message sent to the worker's devices as part of a two-factor authentication system. Additionally, they found login details for the company's internal password vault, where the password was extremely weak (Qwerty1234) and easily accessible to all employees [132386]. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in this case occurred due to human actions. The hackers, a couple from Vietnam, accessed IHG's databases using a weak password (Qwerty1234) and carried out a destructive cyber-attack by deleting large amounts of data [132386].
(b) The incident also involved non-human actions as the hackers used a wiper attack, a form of cyber-attack that irreversibly destroys data, documents, and files, after their initial ransomware attack was foiled by the company's IT team [132386]. |
Dimension (Hardware/Software) |
software |
(a) The software failure incident in the IHG hack was not directly attributed to hardware issues. The hackers gained access to IHG's internal IT network by tricking an employee into downloading malicious software through a booby-trapped email attachment and bypassing a two-factor authentication system [132386].
(b) The software failure incident in the IHG hack was primarily due to contributing factors that originated in software. The hackers were able to access IHG's databases and carry out a wiper attack after finding weak login details, including an easily guessable password (Qwerty1234) for the company's internal password vault. This allowed them to access sensitive parts of IHG's computer system and irreversibly destroy data [132386]. |
Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident in Article 132386 was malicious in nature. The hackers described as a couple from Vietnam carried out a destructive cyber-attack against Intercontinental Hotels Group (IHG) "for fun." They initially attempted a ransomware attack but switched to a wiper attack, irreversibly destroying data, after being foiled by the company's IT team [132386].
The hackers accessed IHG's databases using an easily found and weak password, Qwerty1234, and gained access to sensitive parts of the company's computer system by finding login details for the company's internal password vault. They showed no remorse for the disruption caused and even mentioned that they preferred to have legal jobs but the low wages in Vietnam led them to carry out the hack [132386]. |
Intent (Poor/Accidental Decisions) |
poor_decisions, accidental_decisions |
The intent of the software failure incident reported in Article 132386 was a combination of poor decisions and accidental decisions.
1. Poor Decisions:
- The hackers initially planned a ransomware attack but changed tactics to a wiper attack after the company's IT team kept isolating servers, leading to a destructive cyber-attack [132386].
- The hackers accessed the company's internal systems due to an easily found and weak password (Qwerty1234) for the password vault, which was available to all employees [132386].
2. Accidental Decisions:
- The hackers mentioned that their attack was originally planned to be a ransomware attack but turned into a wiper attack as a result of the company's IT team continuously isolating servers before they could deploy the ransomware [132386].
- The hackers tricked an employee into downloading malicious software through a booby-trapped email attachment, bypassing an additional security prompt message sent to the worker's devices as part of a two-factor authentication system [132386]. |
Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident in the IHG hack can be attributed to development incompetence. The hackers were able to access IHG's databases and carry out a destructive cyber-attack because of an easily found and weak password, Qwerty1234. This weak password was the key that allowed the hackers to gain entry into the company's internal systems, highlighting a lack of professional competence in maintaining secure access controls [132386].
(b) Additionally, the incident involved accidental factors as well. The hackers initially planned a ransomware attack but had to change tactics to a wiper attack when the company's IT team kept isolating servers, preventing the deployment of ransomware. This change in tactics was described as a result of "vindictive frustration" on the part of the hackers, indicating an accidental shift in their original plan due to unforeseen circumstances [132386]. |
Duration |
temporary |
The software failure incident at IHG due to the destructive cyber-attack by hackers was temporary in nature. The hackers initially planned a ransomware attack but switched to a wiper attack after the company's IT team isolated servers, preventing the deployment of ransomware [132386]. The incident caused significant disruption to booking channels and other applications for a period of time before IHG responded by acknowledging the hack to investors [132386]. |
Behaviour |
other |
(a) crash: The software failure incident in this case did not involve a crash where the system loses state and does not perform any of its intended functions. The incident was more focused on a destructive cyber-attack carried out by hackers who deleted large amounts of data from the company's databases [132386].
(b) omission: The software failure incident did not involve the system omitting to perform its intended functions at an instance(s). Instead, the incident was caused by hackers gaining unauthorized access to the company's internal systems and carrying out a wiper attack to destroy data [132386].
(c) timing: The software failure incident was not related to the system performing its intended functions too late or too early. It was primarily about the hackers' actions in carrying out the cyber-attack and causing disruption to the company's services [132386].
(d) value: The software failure incident did not involve the system performing its intended functions incorrectly. The incident was more about the hackers' actions in accessing sensitive data and carrying out a destructive cyber-attack on the company's systems [132386].
(e) byzantine: The software failure incident did not exhibit the characteristics of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. The incident was more straightforward in terms of hackers gaining unauthorized access and carrying out a wiper attack on the company's data [132386].
(f) other: The software failure incident involved a cyber-attack where hackers gained access to the company's internal systems, deleted data, and caused disruption to the company's services. The incident highlighted the vulnerabilities in the company's security practices, such as weak passwords and inadequate access controls, leading to the breach and data destruction [132386]. |