Code Red Scenario: E-commerce Platform Crisis
Scenario Details for IMs
Opening Presentation
“It’s Black Friday morning at ShopCore Technologies, and the platform is handling record traffic for 5,000 online retailers during the most critical shopping weekend of the year. Instead of product catalogs and shopping carts, retailer websites are displaying ‘HELLO! Welcome to http://www.worm.com! Hacked By Chinese!’ while the platform’s servers are generating massive internet scanning traffic, effectively turning the e-commerce infrastructure into part of a coordinated attack network.”
Initial Symptoms to Present:
- “Retailer e-commerce websites displaying defacement messages instead of product catalogs”
- “Shopping cart and payment systems showing ‘Hacked By Chinese!’ messages during peak sales”
- “Platform IIS servers generating massive scanning traffic affecting internet bandwidth”
- “5,000 retailers unable to process holiday sales through compromised platform infrastructure”
Key Discovery Paths:
Detective Investigation Leads:
- E-commerce platform forensics reveal buffer overflow exploitation targeting holiday shopping infrastructure
- Shopping transaction system analysis shows memory-only worm infection across platform web servers
- Holiday shopping timeline analysis indicates compromise during peak Black Friday traffic
Protector System Analysis:
- E-commerce network monitoring reveals infected servers participating in coordinated attacks against financial infrastructure
- Platform security assessment shows delayed patch management affecting critical holiday shopping operations
- Customer shopping data integrity analysis indicates potential exposure through compromised e-commerce systems
Tracker Network Investigation:
- Internet traffic analysis reveals e-commerce platform participating in attacks against other shopping and financial services
- Retail network communication patterns show coordination with other infected e-commerce and payment systems
- Holiday shopping traffic analysis indicates massive revenue impact across thousands of dependent retailers
Communicator Stakeholder Interviews:
- Retailer communications regarding holiday revenue loss and customer shopping disruption
- Customer service management dealing with shoppers unable to complete purchases during Black Friday
- E-commerce industry coordination about platform security and holiday shopping protection
Mid-Scenario Pressure Points:
- Hour 1: Major retailer reports $2 million in lost Black Friday sales due to defaced e-commerce platform
- Hour 2: Payment processing companies report attacks originating from ShopCore’s infrastructure
- Hour 3: 5,000 retailers demanding immediate platform restoration as holiday shopping weekend continues
- Hour 4: News media reports widespread e-commerce disruption affecting Black Friday shopping nationwide
Evolution Triggers:
- If response exceeds 12 hours, retailers lose the entire Black Friday weekend's revenue, affecting annual business results
- If worm containment fails, infection spreads to payment processing and financial services infrastructure
- If platform restoration is delayed, customer shopping data exposure threatens long-term business relationships
Resolution Pathways:
Technical Success Indicators:
- Emergency patch deployment stops worm propagation across e-commerce platform infrastructure
- Retailer websites restored through secure backup systems, maintaining holiday shopping capabilities
- Platform servers removed from coordinated attack network while preserving shopping transaction processing
Business Success Indicators:
- E-commerce operations restored with minimal impact on retailer holiday revenue and customer shopping
- Platform reputation protected through rapid response and transparent communication with retail partners
- Customer shopping data secured, preventing long-term damage to e-commerce trust and relationships
Learning Success Indicators:
- Team understands e-commerce platform’s critical role in holiday retail economy and internet infrastructure
- Participants recognize platform cybersecurity responsibilities during peak commercial periods
- Group demonstrates coordination between business continuity and internet security obligations
Common IM Facilitation Challenges:
If Retailer Impact Is Underestimated:
“Your technical response is solid, but Amanda just reported that 5,000 retailers are losing Black Friday revenue and threatening to switch platforms. How do you balance worm investigation with critical business relationships?”
If Internet Attack Participation Is Ignored:
“While you’re restoring shopping platforms, Mark discovered that your servers are attacking payment processing companies and other e-commerce infrastructure. How does this change your response strategy?”
If Holiday Timeline Is Overlooked:
“Victoria needs to know: can the platform be restored in time to capture Cyber Monday traffic, or will retailers lose the entire holiday shopping weekend?”