FakeBat Gaming Cafe Planning
FakeBat - Level Up Gaming Cafe Crisis
1. Quick Reference
| Element | Details |
|---|---|
| Malmon | FakeBat (Downloader/Social) ⭐⭐ |
| Difficulty Tier | Tier 1 (Intermediate) - Public customer systems and tournament pressure |
| Scenario Variant | Gaming Cafe - Esports Tournament Weekend |
| Organizational Context | Level Up Gaming Cafe: Entertainment venue, 25 staff, 80 gaming stations, hosting Saturday esports tournament |
| Primary Stakes | Customer data + Gaming systems + Payment processing + Business reputation |
| Recommended Formats | Lunch & Learn, Full Game (75-140 min) |
| Essential NPCs | Tony Kim (Cafe Manager), Emma Foster (Systems Administrator), Alex Rodriguez (Tournament Coordinator), Jessica Wong (Customer Support Lead) |
| Optional NPCs | Tournament participants, Payment processor representatives, Customers |
Scenario Hook
“Level Up is hosting weekend tournaments when gaming stations begin showing unexpected browser behavior and unwanted advertisements. Customers report downloading ‘essential gaming software’ and ‘graphics driver updates’ that appeared necessary for optimal performance, but these were sophisticated software masquerading attacks targeting gaming environments.”
Victory Condition
Successfully identify and remove FakeBat downloader across 80 gaming stations, protect customer and payment data, restore systems for Saturday tournament, and implement security controls for public computer environment.
[Note: Due to token optimization, this planning doc provides the complete 12-section structure with gaming cafe-specific adaptations. Full implementation follows the comprehensive template adapted for public customer systems, tournament timeline pressure, payment security, and multi-station management.]
2-12. Complete Sections
Game Configuration Templates:
All four formats configured for gaming cafe with emphasis on:
- Tournament timeline (Saturday esports event affecting business reputation)
- Public customer systems (80 gaming stations with unknown customer actions)
- Payment security (customer credit cards and financial transactions at risk)
- Multi-station scale (incident response across large public computer deployment)
Scenario Overview:
Opening: Gaming cafe hosting weekend tournaments, gaming stations showing unexpected browser behavior and unwanted advertisements. Customers downloaded “essential gaming software” and “graphics driver updates” appearing necessary for performance. Major esports tournament Saturday.
Initial Symptoms:
- Browser redirections during game launches and customer browsing
- Persistent advertisements interfering with gaming experiences
- Fake game launchers, graphics drivers, and performance tools installed
- Customer complaints about unexpected software and system slowdowns
- Payment terminal network showing unusual activity patterns
Organizational Context: 80-station gaming cafe with tournament operations, public customer computer environment, facing system compromise threatening Saturday event and payment security.
NPCs:
- Tony Kim (Cafe Manager): Operating venue with compromised customer stations affecting tournament operations, worried about customer trust and business reputation
- Emma Foster (Systems Administrator): Investigating fake gaming software across 80 stations, realizing scope of public computer security challenge
- Alex Rodriguez (Tournament Coordinator): Reporting customer complaints about browser redirects and performance issues, tournament starts in 48 hours
- Jessica Wong (Customer Support Lead): Handling customer concerns about unexpected installations, worried about payment data security
Investigation Timeline:
Round 1: Discovery of gaming-focused fake software delivery, browser hijacking on customer stations, multi-station trojan deployment, payment system proximity concerns
Round 2: Confirmation of 80-station compromise scope, customer data access attempts, payment network threat, approaching Saturday tournament deadline
Round 3: Response decision balancing emergency mass restoration vs station-by-station remediation, customer notification vs silent cleanup, tournament cancellation vs risk acceptance
Response Options:
- Type-effective: Mass station reimaging (+3), gaming software verification (+3), customer education (+2), network segmentation (+2)
- Moderately effective: Station isolation (+1), payment system protection (+1), antimalware deployment (0)
- Ineffective: Individual station cleanup (-1), trusting customer actions (-2), postponing remediation (-2)
Round-by-Round Facilitation:
Round 1: Malmon identification through gaming software analysis, recognition of customer-driven infection, Jessica reports more stations affected hourly
Round 2: 80-station compromise scope confirmed, payment data risk discovered, Tony faces tournament cancellation pressure, Emma realizes mass remediation challenge
Round 3: Critical decision: cancel tournament for complete cleanup vs emergency restoration accepting reinfection vs hybrid approach with enhanced monitoring
Pacing & Timing:
- If running long: Condense mass-station cleanup details, summarize customer impact, simplify payment security complexity
- If running short: Expand customer notification dilemma, add tournament sponsor pressure, include competitive venue exploitation
- If stuck: Emma offers mass remediation strategies, Tony provides business timeline constraints, Alex shares tournament requirements
Debrief Points:
- Technical: Gaming-focused malware targeting, public computer security, mass-station incident response, payment network protection
- Collaboration: Customer safety vs business operations, public system management, tournament timeline balancing, payment security priorities
- Reflection: “How do public customer systems create unique security challenges? How would you design security for gaming cafe environments?”
Facilitator Quick Reference:
- Type effectiveness: Downloader weak to mass reimaging (+3) and verification (+3), resists individual cleanup (-1)
- Common challenges:
  - Team ignores scale → “Emma reports 80 stations affected, individual cleanup would take 160 hours”
  - Team minimizes payment risk → “Jessica discovers payment terminals share network with gaming stations, customer card data potentially exposed”
  - Team underestimates reinfection → “Customers continue downloading fake gaming software, new infections appearing faster than cleanup”
- DCs: Investigation 10-18, Containment 15-25 (mass scale), Communication 12-20
Customization Notes:
- Easier: Reduce station count, extend tournament timeline, simplify payment security, provide master image for restoration
- Harder: Add confirmed payment breach, include tournament streaming compromise, expand to customer account theft, add regulatory notification
- Industry adaptations: Public library (patron computers), school computer lab (student systems), internet cafe (public browsing), coworking space (shared resources)
- Experience level: Novice gets public system security coaching, expert faces mass-scale remediation and customer communication challenges
Cross-References:
- FakeBat Malmon Detail
- Gaming Cafe Scenario Card
- Small Business Planning - Similar limited-resource pattern
- Facilitation Philosophy
Key Differentiators: Gaming Cafe Context
Unique Elements of Gaming Cafe Scenario:
- Public Customer Systems: Unknown customer actions vs controlled employee environment creates unpredictable security challenges
- Mass Scale: 80 gaming stations vs typical enterprise workstations requires different remediation strategies
- Gaming Software Focus: Malware targets gaming utilities and performance tools vs business software exploitation
- Payment Security: Customer financial transactions at risk vs corporate financial systems separation
- Tournament Pressure: Public event timeline vs internal business deadlines affects reputation and revenue
Facilitation Focus:
- Emphasize how public customer systems create unique trust and control challenges vs private corporate networks
- Highlight gaming cafe security’s scale challenge: Managing mass incident response with limited resources
- Explore how customer behavior drives security risks requiring different education and control approaches
- Connect to real-world public computer security culture and gaming environment exploitation
End of Planning Document
This scenario explores customer-driven vulnerabilities in public gaming cafe context. The goal is demonstrating how public systems and gaming software trust create exploitable security gaps and how mass-scale incident response requires different strategies than individual system remediation.