Incident: Cyber Heist Attempt via Fraudulent SWIFT Messages at Vietnamese Bank

Published Date: 2016-05-15

Postmortem Analysis
Timeline 1. The software failure incident at Tien Phong Bank happened in the fourth quarter of last year [44133]. 2. The article was published on 2016-05-15. 3. Therefore, the software failure incident at Tien Phong Bank occurred in the fourth quarter of 2015.
System 1. SWIFT bank messaging system [44133, 44160] 2. PDF reader used by customers to review statements summarizing transfers made over SWIFT, the target of the malware described in SWIFT's warning to its customers [44133, 44160] 3. Software application run by the third-party vendor that connected TPBank to the SWIFT bank messaging system [44133, 44160]
Responsible Organization 1. Unidentified attackers who sent fraudulent SWIFT messages to move funds out of TPBank, most likely with the help of malware installed on a software application used by a third-party vendor [44133, 44160]. 2. The third-party vendor hired by TPBank to connect it to SWIFT; the fraudulent transfers were made using this vendor's infrastructure, whose servers were based overseas [44133, 44160].
Impacted Organization 1. Tien Phong Bank (TPBank) [44133, 44160] 2. SWIFT messaging system [44133, 44160] 3. Third-party vendor used by TPBank [44133, 44160]
Software Causes 1. Malware installed on a software application used by the third-party vendor that connected TPBank to SWIFT; TPBank said the attack might have been facilitated by this malware [44133, 44160]. 2. The malware operated in a similar way to the malware used in the Bangladesh central bank heist, and SWIFT's warning described malware targeting the PDF reader customers use to review statements summarizing SWIFT transfers, i.e. the attackers' tooling reached the software that reviewers rely on to spot bad transfers [44133, 44160]. 3. The fraudulent transfer messages injected into the SWIFT network were the mechanism of the attempted theft; the messaging system processed them as legitimate instructions until the bank noticed them [44133, 44160].
Non-software Causes 1. TPBank's reliance on an outside vendor to connect it to the SWIFT system, which placed part of the bank's trusted messaging path on infrastructure it did not operate and whose servers were based overseas [44133, 44160]. 2. Vendor-management and supply-chain weaknesses: malware was installed on the vendor's software without being caught, so the bank's security depended on controls it did not have direct oversight of [44133, 44160]. 3. An external threat actor with the capability to craft fraudulent interbank transfer messages, following the same technique later reported in the Bangladesh central bank heist [44133, 44160].
Impacts 1. The attempted heist caused no losses and, according to TPBank, had no impact on the SWIFT system or on the transaction system between the bank and its customers [44133, 44160]. 2. The attack was identified and halted quickly enough to stop the movement of funds to the criminals; the attackers had tried to move over $1 million [44133, 44160]. 3. TPBank discontinued working with the vendor involved and switched to a new system with a higher level of security [44133, 44160]. 4. SWIFT warned all of its customers about fraud cases involving malware targeting the PDF reader used to review statements summarizing SWIFT transfers, so the incident contributed to a network-wide alert rather than staying a single-bank event [44133, 44160]. 5. The incident, together with the Bangladesh heist, showed that fraudulent transfer messages can be injected at a bank's endpoint and that the SWIFT network itself does not detect them [44133, 44160].
Preventions 1. Stronger controls at the bank's SWIFT endpoint to detect fraudulent messages before they are released, such as stronger authentication of the systems allowed to originate messages and monitoring of outgoing transfers for unusual beneficiaries, amounts, or timing [44133, 44160]. 2. Security assessments and audits of third-party vendors' software and infrastructure, particularly any component that sits on the path to the SWIFT network, to detect malware before it can be used to inject or conceal transfers [44133, 44160]. 3. SWIFT warning its clients proactively about malware targeting the SWIFT environment and giving guidance on mitigation, which it did after the Bangladesh heist [44133, 44160]. 4. Cybersecurity awareness and training so that bank staff recognize unusual transfer requests and signs of malware on systems used to originate or review SWIFT messages [44133, 44160].
Fixes 1. Enhancing security measures around the SWIFT messaging system, at both the network and the member-bank endpoint, to detect and prevent fraudulent messages [44133, 44160]. 2. Stricter vetting of third-party vendors that provide infrastructure for connecting to SWIFT, including where their servers are hosted and how their software is protected against malware; TPBank's own response was to drop the vendor and move to a more secure system [44133, 44160]. 3. Keeping software used to review SWIFT transfer statements, including the PDF reader, patched and integrity-checked, and verifying transfer statements against an independent record of authorized transfers rather than trusting a locally rendered statement alone, since malware that tampers with the reader can hide fraudulent transfers from the people reviewing them [44133, 44160]. 4. SWIFT continuing to warn its clients about malware and fraudulent activity on the network so that other members can check their own environments [44133, 44160].
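The prevention and fix items above come down to one control that the reported attack technique defeats when it is missing: an outgoing-transfer check that does not depend on the vendor's SWIFT interface or on the statement viewer. The following is an added example, not code from TPBank, SWIFT, or any of the sources cited here. It parses a simplified subset of SWIFT MT103 fields (:20: reference, :32A: date/currency/amount, :59: beneficiary) from constructed sample messages, reconciles them against a constructed ledger of transfers the bank actually authorized, and applies two monitoring rules (beneficiary allow-list and per-currency amount limit). The message texts, ledger, allow-list and limits are all constructed for the example; real MT103 messages carry more fields and block framing than are parsed here.

```python
"""Reconcile outgoing SWIFT-style transfer messages against an independent
ledger and flag anomalies. Added example with constructed data; the MT103
subset parsed here (tags :20:, :32A:, :59:) is simplified."""
from dataclasses import dataclass
from decimal import Decimal
import re

# A field line in the text block looks like ':32A:151204USD250000,00'.
FIELD_RE = re.compile(r"^:(\d{2}[A-Z]?):(.*)$")


@dataclass(frozen=True)
class Transfer:
    ref: str            # :20: transaction reference
    currency: str       # ISO currency from :32A:
    amount: Decimal     # amount from :32A:
    beneficiary: str    # name line(s) of :59:


def parse_mt103(text: str) -> Transfer:
    """Parse the fields we need from a simplified MT103 text block.
    Lines that do not start with ':tag:' continue the previous field."""
    fields = {}
    tag = None
    for line in text.strip().splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            tag, value = m.groups()
            fields[tag] = value
        elif tag:
            fields[tag] += "\n" + line.strip()
    # :32A: is <YYMMDD><CCY><amount>, with a comma as the decimal separator.
    m = re.fullmatch(r"(\d{6})([A-Z]{3})([\d,]+)", fields["32A"])
    if not m:
        raise ValueError(f"bad :32A: field: {fields['32A']!r}")
    amount = Decimal(m.group(3).replace(",", "."))
    # :59: first line is the account; the remaining lines name the beneficiary.
    beneficiary = fields["59"].split("\n", 1)[-1].strip()
    return Transfer(fields["20"], m.group(2), amount, beneficiary)


def reconcile(messages, ledger, allowed_beneficiaries, ccy_limits):
    """Return a list of (ref, reason) findings.

    ledger maps reference -> (currency, amount) and must come from a system
    that is independent of the SWIFT interface and of any statement viewer,
    so that malware editing statements cannot hide a message the ledger never
    authorised. Unknown currencies get a limit of 0 and are always flagged."""
    findings = []
    seen = set()
    for t in map(parse_mt103, messages):
        seen.add(t.ref)
        if t.ref not in ledger:
            findings.append((t.ref, "no matching ledger entry"))
        elif ledger[t.ref] != (t.currency, t.amount):
            findings.append((t.ref, f"ledger mismatch: {ledger[t.ref]} vs "
                                    f"{(t.currency, t.amount)}"))
        if t.beneficiary not in allowed_beneficiaries:
            findings.append((t.ref, f"beneficiary not on allow-list: {t.beneficiary}"))
        if t.amount > ccy_limits.get(t.currency, Decimal(0)):
            findings.append((t.ref, f"amount {t.amount} {t.currency} exceeds limit"))
    for ref in sorted(ledger.keys() - seen):
        findings.append((ref, "ledger entry with no outgoing message"))
    return findings


# Constructed sample data (not real TPBank traffic). The second message is the
# kind of transfer the checks are meant to catch.
SAMPLE_MESSAGES = [
    """:20:TPB20151204001
:32A:151204USD250000,00
:50K:/0011223344
ORDERING CUSTOMER A
:59:/9988776655
KNOWN CORRESPONDENT BANK
:70:INVOICE 4471""",
    """:20:TPB20151204002
:32A:151204EUR1100000,00
:50K:/0011223344
ORDERING CUSTOMER A
:59:/5544332211
UNKNOWN TRADING CO
:70:CONSULTING FEES""",
]
SAMPLE_LEDGER = {"TPB20151204001": ("USD", Decimal("250000.00"))}
ALLOWED_BENEFICIARIES = {"KNOWN CORRESPONDENT BANK"}
LIMITS = {"USD": Decimal("500000"), "EUR": Decimal("500000")}


def demo():
    """Run the reconciliation over the constructed sample set."""
    return reconcile(SAMPLE_MESSAGES, SAMPLE_LEDGER, ALLOWED_BENEFICIARIES, LIMITS)


if __name__ == "__main__":
    for ref, reason in demo():
        print(f"{ref}: {reason}")
```

Running it flags only the second message, three times: it has no ledger entry, its beneficiary is not on the allow-list, and its amount exceeds the EUR limit. The first message reconciles cleanly. The point of the design is that the ledger and the allow-list live outside the vendor-operated SWIFT path, so a compromised interface or a tampered statement viewer cannot make a fraudulent message look authorised.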
References 1. TPBank statement to Reuters [Article 44133, Article 44160] 2. Swift [Article 44133, Article 44160] 3. BAE Systems [Article 44133, Article 44160] 4. Vietnam's central bank [Article 44133, Article 44160]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization, multiple_organization (a) The software failure incident having happened again at one_organization: - The software failure incident involving fraudulent SWIFT messages and a cyber heist occurred at Tien Phong Bank (TPBank) in Vietnam [44133, 44160]. - TPBank identified suspicious requests through fraudulent messages on the SWIFT system to transfer funds, similar to the technique used in the Bangladesh central bank cyber heist. - The attack did not cause any losses, and TPBank caught the attempt quickly enough to prevent movement of funds to criminals. - TPBank mentioned that the transfers were made using the infrastructure of an outside vendor hired to connect it to the SWIFT system. - The incident at TPBank involved malware installed on a software application used by the third-party vendor, similar to the malware used in the Bangladesh cyber heist. (b) The software failure incident having happened again at multiple_organization: - The articles mention that SWIFT, the messaging service, sent a warning to all its customers about cases of fraud involving malware targeting a PDF reader used by customers to review statements summarizing transfers made over SWIFT [44133, 44160]. - Cybersecurity firm BAE Systems reported that malware was used to target a Vietnamese commercial bank using fraudulent messages on the SWIFT network, operating similarly to the malware used in the Bangladesh cyber heist. - SWIFT had recently issued a warning about malware used in schemes involving fraudulent transfers ordered over the SWIFT network, indicating a broader concern across multiple organizations using the SWIFT system.
Phase (Design/Operation) design, operation (a) Design: the attempted heist used fraudulent messages on the global interbank messaging system SWIFT, and the attack was facilitated by malware installed on a software application used by a third-party vendor that TPBank had hired to connect it to SWIFT [44133, 44160]. Placing the bank's SWIFT connection on a vendor-run application, hosted on overseas servers, with no additional check between that application and the network is a design choice that left a single compromised component able to originate transfers. (b) Operation: the attack was detected and halted in time to prevent any financial loss, and TPBank stated that it did not affect the SWIFT system or the transaction system between the bank and its customers [44133, 44160]. The malware, however, had already been installed and was running on the vendor's application during operation, so the incident also reflects an operational gap in monitoring and maintaining the vendor's environment; the bank's subsequent switch to a new, more secure system and a different vendor is an operational change.
Boundary (Internal/External) within_system, outside_system (a) within_system: the malware was installed on a software application used by the third-party vendor to connect TPBank to the SWIFT bank messaging system [44133, 44160]; that application, although operated by a vendor, was part of the bank's transfer path, so a contributing factor lay inside the system boundary. (b) outside_system: the fraudulent messages were crafted and sent by external attackers, the vendor's servers were based overseas and outside the bank's direct control, and SWIFT's warning about malware targeting the PDF reader used to review transfer statements shows the same tooling was being used against other members of the network [44133, 44160].
Nature (Human/Non-human) non-human_actions, human_actions (a) non-human_actions: once installed, the malware on the vendor's software application operated without further human interaction to facilitate the fraudulent SWIFT messages, in the same way as the malware used in the Bangladesh heist; SWIFT had warned its customers about malware of this kind being used in fraudulent transfer schemes [44133, 44160]. (b) human_actions: the attackers deliberately crafted the fraudulent transfer messages and deployed the malware; TPBank chose to rely on an outside vendor for its SWIFT connection, and the vendor let malware be installed on its application; the bank's decision to drop the vendor and move to a more secure system was likewise a human action taken in response [44133, 44160].
Dimension (Hardware/Software) hardware, software (a) hardware: no hardware fault is reported. The only hardware-related detail is that the vendor's servers, on which the compromised application ran, were based overseas, which bears on who controlled the machines rather than on any failure of the hardware itself [44133, 44160]. (b) software: the incident was caused by software, namely the fraudulent SWIFT messages and the malware installed on the vendor's software application, and SWIFT's related warning concerned malware targeting a PDF reader [44133, 44160].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident reported in the articles is malicious in nature. The incident involved an attempted cyber heist at Tien Phong Bank in Vietnam, where hackers used fraudulent SWIFT messages to try to transfer funds. The attack was similar to the one at Bangladesh Bank and involved the use of malware to target a software application used by a third-party vendor connected to the SWIFT network. The attackers attempted to steal over $1 million, but the bank was able to halt the movement of funds and prevent any losses [44133, 44160].
Intent (Poor/Accidental Decisions) poor_decisions, accidental_decisions [a, b] The software failure incident at Tien Phong Bank involved an attempted cyber heist that utilized fraudulent SWIFT messages. The incident was facilitated by malware installed on a software application used by a third-party vendor connected to the SWIFT bank messaging system. The bank identified suspicious requests through fraudulent messages to transfer funds and caught the attempt quickly to prevent any losses. The bank mentioned discontinuing working with the vendor and switching to a new system with higher security. Additionally, SWIFT had issued a warning about malware used in schemes involving fraudulent transfers over the SWIFT network. The incident highlights both poor decisions in terms of vendor selection and accidental decisions leading to the introduction of malware through the software application used by the vendor [44133, 44160].
Capability (Incompetence/Accidental) development_incompetence (a) development_incompetence: malware was installed on the software application the vendor used to connect TPBank to SWIFT without being detected, and SWIFT had already warned about malware used in fraudulent-transfer schemes over its network, which points to inadequate hardening and monitoring of the vendor's software [44133, 44160]. TPBank's decision to drop the vendor and move to a system with a higher level of security is consistent with that assessment. (b) accidental: the articles describe no accidental factor. The fraudulent SWIFT messages were deliberately crafted by the attackers to move funds, so their appearance in the system was not an accident but the intended result of the malware and the attack [44133, 44160].
Duration temporary The software failure incident reported in the articles appears to be temporary rather than permanent. The incident involved an attempted cyber heist at Tien Phong Bank in Vietnam, where suspicious requests through fraudulent SWIFT messages were identified and halted in the fourth quarter of the previous year [44133, 44160]. The bank caught the attempt quickly enough to prevent any losses and stated that it had no impact on the SWIFT system or the transaction system between the bank and customers in general. Additionally, the bank took immediate action by discontinuing work with the third-party vendor and switching to a new system with higher security measures [44133, 44160]. This indicates that the software failure incident was temporary and was resolved by addressing specific contributing factors introduced by certain circumstances.
Behaviour value, other (a) crash: The software failure incident did not involve a crash as the system did not lose its state and was able to identify and halt the suspicious requests quickly enough to prevent the movement of funds to criminals [44133, 44160]. (b) omission: The incident does not seem to be related to omission as the system was able to catch the fraudulent messages and prevent the unauthorized transfers, indicating that it did not omit its intended functions [44133, 44160]. (c) timing: The timing of the incident does not suggest a timing failure as the system responded promptly to the suspicious requests and prevented the movement of funds to criminals in a timely manner [44133, 44160]. (d) value: The software failure incident could be categorized under the value failure as the attackers attempted to transfer funds using fraudulent messages, which would have resulted in the system performing its intended functions incorrectly by transferring funds to unauthorized parties [44133, 44160]. (e) byzantine: The incident does not align with a byzantine failure as there is no mention of inconsistent responses or interactions within the system. The system's response to the fraudulent messages was consistent in identifying and halting the unauthorized transfers [44133, 44160]. (f) other: The behavior of the software failure incident could be classified as a security breach or vulnerability exploitation, where the attackers used malware to target the system and attempt fraudulent transfers. This behavior is not explicitly covered in the options provided [44133, 44160].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property, non-human, theoretical_consequence (a) unknown (b) unknown (c) unknown (d) The attempted heist targeted the bank's funds, with the attackers trying to move over $1 million, but caused no losses: TPBank caught the attempt quickly enough to halt the movement of funds to the criminals, and it reported no impact on the SWIFT system or on the transaction system between the bank and its customers [44133, 44160]. (e) unknown (f) The incident affected non-human entities: the bank's systems, the global interbank messaging system SWIFT, and the infrastructure of the outside vendor hired to connect the bank to SWIFT, which the bank subsequently replaced [44133, 44160]. (g) No real consequences were observed, since the attempt was foiled before any funds were transferred and no losses were reported [44133, 44160]. (h) The articles discuss the potential consequence, had the attempt not been caught in time, of funds being transferred to the criminals as happened at Bangladesh Bank; in this case the incident was detected early and no actual loss occurred [44133, 44160]. (i) unknown
Domain finance (a) The failed system was related to the finance industry, specifically involving a cyber heist attempt at a Vietnamese bank using fraudulent messages on the SWIFT system [44133, 44160]. The incident highlighted vulnerabilities in the global financial transaction system and the need for enhanced security measures to prevent such attacks in the future.
