Context

Amazon. A storefront with roots tracking to book sales has grown to something unimaginable in scale. As a well$-$known white$-$hat software engineer mercenary consultant working for Amazon, you have been personally tasked by Jeff Bezos to understand the current attack surface and threat landscape in order to protect his $$1+$ trillion dollar empire. Amazon StoreFront consists of two parts: $*$ A web$-$server employing HTML$,$ JSON and javascript technologies that serve out information from relational databases to both customers and internal administrators $*$ A mainframe used internally for fulfilling orders that draws on some of the same table information for orders and extends it with additional capability The questions he has personally posed to you: $1.$ How might an external bad actor attack my system or its customers $($purpose $/$ approach$)?2.$ How might a malicious insider wreak havoc $($purpose $/$ approach$)?3.$ What strategies might I employ to counteract against these threats to protect my billions? Discussion Expectations $1.$ Review the following threat information:$*$ Actor Motivations: $*$ MITRE Attack Framework $-$ Enterprise Motivations $($Tactics$)-$ This resource will better help you understand cyber criminals' motivations. $*$ MITRE Attack Framework $-$ ICS Motivations $($Tactics$)-$ This resource will better help you understand cyber criminals' motivations. $*$ Retail Industry Adversaries $($CrowdStrike$)$:$-$ Scroll down to see each potential adversaries impacting the retail industry to understand their motivation. $*$ Attack Vectors: $*$ OWASP Top $10-2021-$ details the top priority threats facing web applications for $2021$ to get some ideas.$*$ NOTE: This standard is released every $4$ years.$$Past years can be surveyed if desired $($e$.$g$.$ OWASP Top $10-2017)*$ MITRE Attack Framework $-$ Enterprise Techniques$-$ Outlines various attack vectors a malicious actor might employ against an enterprise solution $*$ MITRE Attack Framework $-$ ICS Techniques$-$ Outlines various attack vectors a malicious actor might employ against an ICS solution $($manufacturing $/$ distribution center environment$)2.$ Choose ONE of the following and post to your discussion team:$($Note: The "User must post before seeing replies" is enabled for this discussion to encourage original thought in your initial submission$)*$ External Threat Context $($Bezos Q$1)*$ Post a reply with a misuse case diagram that accounts for at least $3$ misuse cases that an external bad actor might employ against the Amazon Store Front or its customers. Relevant related good actor use cases and actors should also be depicted along with their misuse case relationship. $($e$.$g$.$ "intercepts", "attacks$)*$ NOTE: When using a OWASP or MITRE attack vector $($above$),$ refer to the ID in your use case such that it can be referred to later in the discussion. $($e$.$g$.$ T$1486$ or A$03-2021)*$ NOTE: When placing an actor $-$ tag them with a motivation $($e$.$g$.$ Cobalt Spider or TA$0107)*$ Alternate Instructions: For those with visual disabilities, please textually describe the misuse case diagram to include bad actor, misuse case $(3),$ and any extensions.$$All misuse cases should reference an attack vector and all actors should reference a motivation. $*$ Post a response $($by replying to your initial post$)$ with a misuse scenario for $1$ of the your misuse cases$*$ Internal Threat Context: $($Bezos Q$2)*$ Post a reply with a misuse case diagram that accounts for at least $3$ misuse cases that a malicious insider might employ against the Amazon Mainframe or Storefront. Relevant related good actor use cases and actors should also be depicted along with their misuse case relationship $($e$.$g$.$ "intercepts", "attacks$).*$ NOTE: When using a OWASP or MITRE attack vector $($above$),$ refer to the ID in your use case such that it can be referred to later in the discussion. $($e$.$g$.$ T$1486$ or A$03-2021)*$ NOTE: When placing an actor $-$ tag them with a motivation $($e$.$g$.$ Cobalt Spider or TA$0107).*$ Alternate Instructions: For those with visual disabilities, please textually describe the misuse case diagram to include bad actor, misuse case $(3),$ and any extensions.$$All misuse cases should reference an attack vector and all actors should reference a motivation. $*$ Post a response $($by replying to your initial post$)$ with a misuse scenario for $1$ of the your misuse cases $3.$ Note: The "User must post before seeing replies" is enabled for this discussion to encourage original thought in your initial submission $4.$ Respond to one of your teammates to provide quality feedback and suggestions on strategies that might employ to mitigate against their three misuse cases $($Bezos Q$3)*$ In suggesting countermeasures, you can refer to the OWASP or Threat Identifier $($if available$)$ to get some ideas. $*$