| Recurring |
multiple_organization |
(a) The software failure incident having happened again at one_organization:
The article does not provide information about a similar incident happening again within the same organization or with its products and services. Therefore, it is unknown if a similar incident has occurred again at one_organization.
(b) The software failure incident having happened again at multiple_organization:
The article mentions that the cybercriminal group behind the attack on over 100 banks and financial institutions in 30 nations used sophisticated malware named "Carbanak" to conduct the thefts. This indicates that the same type of software failure incident has occurred at multiple organizations, affecting banks in Russia, Japan, the United States, and Europe [33665]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident in the article can be attributed to the design phase. The incident involved the penetration of a bank's internal computers by malware that allowed cybercriminals to record employees' every move, leading to the impersonation of bank officers and unauthorized transfers of millions of dollars from various banks [33665].
(b) Additionally, the software failure incident can also be linked to the operation phase. The cybercriminals sent infected emails to bank employees as bait, leading to the inadvertent download of malicious code, which allowed the hackers to crawl across the bank's network and install remote access tools to capture video and screenshots of employees' computers during their daily operations [33665]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident described in the article was primarily caused by malware that penetrated the bank's internal computers, allowing cybercriminals to record employees' actions and conduct fraudulent activities within the system. The attackers installed a remote access tool (RAT) to capture video and screenshots of the employees' computers, enabling them to mimic normal transactions and manipulate account balances [33665].
(b) outside_system: The attack on the bank's systems was initiated by cybercriminals who sent infected emails to bank employees as bait, leading to the download of malicious code that allowed the hackers to infiltrate the bank's network. The attackers impersonated bank officers and transferred millions of dollars from various banks into dummy accounts set up in other countries. The hackers also targeted online banking systems and ATMs to carry out their fraudulent activities [33665]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in the article was primarily due to non-human actions. The incident involved the penetration of the bank's internal computers by malware, allowing cybercriminals to record employees' activities and conduct fraudulent transactions without direct human involvement [33665]. The malware allowed for remote access and control, enabling the cybercriminals to mimic normal banking activities and manipulate account balances to steal money [33665].
(b) Human actions also played a role in the software failure incident. The cybercriminals initiated the attack by sending infected emails to bank employees, who unknowingly downloaded malicious code, allowing the hackers to gain access to the bank's network [33665]. Additionally, the criminals impersonated bank officers to carry out fraudulent transactions and manipulate account balances, exploiting vulnerabilities in the banking systems that were likely not adequately secured against such attacks [33665]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident reported in the article was primarily due to contributing factors originating in software rather than hardware. The incident involved malware penetrating the bank's internal computers, allowing cybercriminals to record employees' activities and conduct fraudulent transactions [33665]. The attackers used infected emails to download malicious code onto the bank's network, enabling them to capture video and screenshots of employees' computers and mimic their activities to avoid detection [33665]. Additionally, the criminals manipulated account balances within the bank's accounting systems to steal large sums of money, indicating a software-based attack [33665].
(b) The software failure incident was directly related to software issues, as the attackers exploited vulnerabilities in the bank's systems to carry out the sophisticated cyberattack. The incident involved the deployment of malware, remote access tools, and manipulation of banking systems through software means [33665]. The attackers' tactics focused on leveraging software vulnerabilities to infiltrate the bank's network, monitor activities, and conduct fraudulent transactions without raising suspicion [33665]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the article is malicious in nature. It involved cybercriminals penetrating the bank's internal computers with malware, allowing them to record employees' activities, impersonate bank officers, transfer millions of dollars, and conduct one of the largest bank thefts ever [33665]. The attackers were patient, sophisticated, and aimed to remain covert while manipulating account balances and transferring money out of the bank [33665]. The attack was orchestrated by a specialized group of cybercriminals who meticulously planned and executed the theft over nearly two years [33665].
(b) There is no information in the article to suggest that the software failure incident was non-malicious. |
| Intent (Poor/Accidental Decisions) |
poor_decisions, accidental_decisions |
(a) The software failure incident described in the article was primarily due to poor decisions made by the cybercriminals who orchestrated the attack on multiple banks and financial institutions. The attackers sent infected emails to bank employees, leading them to inadvertently download malicious code, allowing the hackers to gain access to the bank's network. The attackers then installed a remote access tool (RAT) to capture video and screenshots of the employees' computers, mimicking their activities to make the transactions appear normal. The criminals also took great pains to learn each bank's system and set up fake accounts to receive the stolen funds. These actions demonstrate a series of deliberate and calculated decisions made by the cybercriminals to carry out the sophisticated attack [33665].
(b) The software failure incident can also be attributed to accidental decisions made by the banks and financial institutions that were targeted. The hackers exploited vulnerabilities in the banks' systems, such as employees clicking on infected emails, inadequate network security measures, and delayed monitoring of account activities. The article mentions that many banks only checked their accounts every 10 hours, providing a window of opportunity for the hackers to manipulate account balances and transfer funds undetected. These accidental decisions, such as lax security protocols and delayed monitoring, inadvertently facilitated the success of the cybercriminals in carrying out the theft [33665]. |
| Capability (Incompetence/Accidental) |
accidental |
(a) The software failure incident in the article was not due to development incompetence but rather due to the sophisticated tactics employed by cybercriminals who infiltrated the bank's internal computers using malware [33665].
(b) The software failure incident was accidental in the sense that the bank employees inadvertently downloaded malicious code by clicking on infected emails sent by cybercriminals, which allowed the hackers to gain access to the bank's network [33665]. |
| Duration |
temporary |
The software failure incident described in the article was temporary. The malware penetrated the bank's internal computers, allowing cybercriminals to record employees' activities and conduct fraudulent transactions over a period of nearly two years [33665]. The attackers meticulously planned and executed their scheme, indicating that the failure was due to contributing factors introduced by certain circumstances rather than all circumstances. |
| Behaviour |
value, other |
(a) crash: The software failure incident described in the article did not involve a crash where the system lost state and did not perform any of its intended functions. The incident involved a sophisticated cyberattack where the malicious software allowed cybercriminals to record the bank employees' every move, leading to unauthorized transfers and theft [33665].
(b) omission: The software failure incident did not involve an omission, where the system fails to perform its intended functions at one or more instances. Instead, the cybercriminals meticulously planned and executed the attack by impersonating bank officers, transferring funds, and manipulating account balances without the system omitting any intended functions [33665].
(c) timing: The software failure incident did not involve timing issues where the system performed its intended functions correctly but too late or too early. The cybercriminals in this incident were patient and methodical, placing surveillance software in the bank's systems and watching their moves for months before executing the fraudulent activities [33665].
(d) value: The software failure incident did involve a failure related to the system performing its intended functions incorrectly. The cybercriminals manipulated account balances, transferred funds, and conducted unauthorized transactions, resulting in significant financial losses for the targeted banks [33665].
(e) byzantine: The software failure incident did not exhibit a byzantine failure where the system behaved erroneously with inconsistent responses and interactions. The cybercriminals in this incident operated covertly, mimicking normal banking activities to avoid detection while executing their fraudulent schemes with precision [33665].
(f) other: The behavior of the software failure incident can be described as a sophisticated and coordinated cyberattack orchestrated by a specialized group of cybercriminals. The attackers used various tactics, including sending infected emails, installing remote access tools, impersonating bank officers, manipulating account balances, and executing unauthorized transfers to carry out the thefts without raising alarms [33665]. |