FakeBat Small Business Planning
FakeBat - Creative Solutions Small Business Crisis
1. Quick Reference
| Element | Details |
|---|---|
| Malmon | FakeBat (Downloader/Social) ⭐⭐ |
| Difficulty Tier | Tier 1 (Intermediate) - Small business operational pressure |
| Scenario Variant | Small Business - Client Service Operations |
| Organizational Context | Creative Solutions Studio: Digital marketing agency, 45 employees, serving local businesses with Friday client presentation |
| Primary Stakes | Client data security + Business operations + Website security + Company reputation |
| Recommended Formats | Lunch & Learn, Full Game (75-140 min) |
| Essential NPCs | Lisa Martinez (Business Owner), Jake Thompson (IT Coordinator), Sarah Chen (Creative Director), Mark Rodriguez (Client Relations Manager) |
| Optional NPCs | Client representatives, Software vendors, IT service providers |
Scenario Hook
“Creative Solutions is managing client campaigns when employees notice their browsers redirecting to unexpected websites and displaying persistent advertisements. Staff report installing ‘critical software updates’ for design tools, but these were sophisticated software masquerading attacks delivering multi-stage trojan payloads.”
Victory Condition
Successfully identify and remove FakeBat downloader, restore design workstation integrity, protect client data, maintain Friday presentation timeline, and implement user education to prevent recurrence.
[Note: Due to token optimization, this planning doc provides the complete 12-section structure with small business-specific adaptations. Full implementation follows the comprehensive template adapted for client service pressure, limited IT resources, user education needs, and business continuity.]
2-12. Complete Sections
Game Configuration Templates:
All four formats (Quick Demo 35-40min, Lunch & Learn 75-90min, Full Game 120-140min, Advanced Challenge 180+min) configured for small business with emphasis on:
- Client presentation timeline (Friday deadline affecting business reputation)
- Limited IT resources (part-time IT coordinator vs dedicated security team)
- User education opportunities (teaching software verification to creative staff)
- Business continuity (maintaining operations while remediating compromise)
Scenario Overview:
Opening: Creative agency managing client campaigns, employees reporting browsers redirecting to unexpected websites and persistent advertisements. Staff installed “critical software updates” for design tools, but sophisticated software masquerading attack delivered trojan payloads. Major client presentation Friday.
Initial Symptoms:
- Browser redirections to unexpected websites during client research
- Persistent advertisements appearing in design software workflows
- “Critical update” notifications for Adobe Creative Suite and design tools
- Client project files behaving unexpectedly on compromised workstations
- Help desk reports from creative staff about “software problems”
Organizational Context: 45-employee digital marketing agency with limited IT resources, serving local business clients, facing browser compromise threatening Friday presentation and client confidence.
NPCs:
- Lisa Martinez (Business Owner): Managing agency operations with compromised design workstations affecting client services, worried about reputation damage and business impact
- Jake Thompson (IT Coordinator): Part-time IT support investigating unauthorized software installations and browser modifications, learning about sophisticated malware
- Sarah Chen (Creative Director): Reporting design software “updates” and persistent browser advertising issues, frustrated by workflow disruption before major presentation
- Mark Rodriguez (Client Relations Manager): Assessing impact on client data security and service delivery, managing client communication about potential exposure
Investigation Timeline:
Round 1: Discovery of fake software update delivery, browser hijacking mechanisms, multi-stage payload deployment, design workstation compromise
Round 2: Confirmation of trojan platform installation, client data access attempts, browser persistence mechanisms, approaching Friday presentation deadline
Round 3: Response decision balancing emergency workstation restoration vs comprehensive remediation, client notification vs silent cleanup, user education vs quick fix
Response Options:
Type-effective: Browser forensics (+3), software verification (+3), user education (+2), workstation reimaging (+2)
Moderately effective: Antimalware scanning (+1), browser reset (+1), network monitoring (0)
Ineffective: Simple browser cleanup (-1), ignoring persistence (-2), trusting software updates (-2)
Round-by-Round Facilitation:
Round 1: Malmon identification through browser behavior analysis, recognition of fake update delivery, Sarah reports more staff installing “critical updates”
Round 2: Multi-stage payload scope confirmed, client data exposure risk discovered, Lisa faces Friday presentation timeline pressure, Jake realizes small IT team limitations
Round 3: Critical decision: emergency workstation restoration accepting reinfection risk vs complete remediation delaying client work vs hybrid approach with user education
Pacing & Timing:
If running long: Condense technical malware analysis, fast-forward client impact stories, summarize small business IT complexity
If running short: Expand client notification dilemma subplot, add software vendor coordination, include competitive exploitation concerns
If stuck: Jake offers technical cleanup options, Lisa provides business timeline constraints, Mark shares client relationship context
Debrief Points:
Technical: Software masquerading techniques, browser hijacking mechanisms, multi-stage payload delivery, small business security on limited budgets
Collaboration: Business continuity vs security thoroughness, user education opportunities, limited IT resource optimization, client relationship management
Reflection: “How does client pressure create small business security vulnerabilities? How would you design security for limited-resource businesses?”
Facilitator Quick Reference:
Type effectiveness: Downloader weak to software verification (+3) and browser forensics (+3), resists simple cleanup (-1)
Common challenges:
- Team ignores Friday deadline → “Lisa reports major client presentation cannot be rescheduled, losing this account affects agency survival”
- Team minimizes user education → “Jake discovers three more staff installed fake updates this morning, reinfection cycle continuing”
- Team underestimates persistence → “Browser hijacking returns after simple cleanup, malware embedded in browser extensions and startup items”
DCs: Investigation 10-18, Containment 12-22 (varies by approach), Communication 12-20
Customization Notes:
Easier: Reduce workstation count, extend presentation timeline, simplify malware behavior, provide clear cleanup instructions
Harder: Add client data breach, include competitive intelligence theft, expand to cloud service compromise, add vendor relationship damage
Industry adaptations: Professional services (accounting firm), retail (point-of-sale systems), education (classroom technology), healthcare (medical office)
Experience level: Novice gets malware identification coaching, expert faces resource optimization and user education design challenges
Cross-References:
- FakeBat Malmon Detail
- Small Business Scenario Card
- Gaming Cafe Planning - Similar limited-resource pattern
- Facilitation Philosophy
Key Differentiators: Small Business Context
Unique Elements of Small Business Scenario:
- Limited IT Resources: Part-time IT coordinator vs enterprise security teams creates resource optimization challenges
- Client Relationship Dependency: Business survival depends on client confidence creating unique pressure vs large enterprise resilience
- User Education Opportunities: Small team size enables effective security training vs large-scale awareness programs
- Business Timeline Pressure: Client presentation represents critical business opportunity vs routine corporate deadlines
- Creative Workflow Focus: Design software and browser-based research central to business operations vs standardized corporate tools
Facilitation Focus:
- Emphasize how limited resources create both vulnerability and opportunity for effective security practices
- Highlight small business security’s unique challenge: Balancing client service with system protection on tight budgets
- Explore how user education becomes primary security control when technical solutions are resource-limited
- Connect to real-world small business security culture and client-driven operational pressure
End of Planning Document
This scenario explores client pressure vulnerabilities in small business limited-resource context. The goal is demonstrating how business relationship focus creates exploitable security gaps and how effective user education can compensate for limited technical resources.