Tools for Responding to & Fixing Cybercrime Events

Instructor: Gary Manns

Gary has taught graduate and undergraduate courses in IT and has a master's degree in Information Assurance and Security.

In this lesson, the reader will learn about the different types of cybercrime events that require the actions of a CSIRT (Computer Security Incident Response Team) and the tools that are used to mitigate the cyber threat.

Cybercrime Events

Both companies and individuals are targets of threat actors. Companies, regardless of size, industry, or worth, are under constant threat of being attacked and risk losing sensitive information. Cybercrime events are now common in the media. Major cybercrime events in 2018, such as the attacks on Facebook and Starwood, have left sensitive information vulnerable to threat actors and have affected millions of people.

Threat actors have various attack methods in their arsenal that can be used to carry out cybercrime. In 2018, a few common attacks that threat actors used were:

  • Hacking
  • Ransomware
  • Denial of Service


Hacking

This is a go-to method of cybercrime that threat actors have used for years. Hacking is used by threat actors to gain access to a company's network by looking for vulnerabilities and weaknesses in both technology and people.


Ransomware

Ransomware is a very common attack method used by threat actors in which they encrypt files and require payment for the decryption key. Many companies have had to face the difficult decision of either paying the ransom or losing the information if it is not recoverable by other means.

Denial of Service

Threat actors who use a Denial of Service (DoS) attack do not intend to steal data, but instead intend to disrupt a service. Recently, a DoS attack was launched against major Internet Service Providers' (ISP) Domain Name System (DNS) servers. While this attack did not steal sensitive information, users of the Internet were severely impacted and in some cases companies were unable to do business.

Responses to Cybercrime

When a cybercrime event takes place, measures must be taken to contain, eradicate, and recover from the event as quickly as possible. It is sometimes difficult for companies to take these measures without having dedicated and trained resources available to stop the cybercrime event. A Computer Security Incident Response Team (CSIRT) is usually initiated when there is a report that a cybercrime event is taking place.

A typical CSIRT will consist of cross-disciplined members that include:

  • Cyber Security
  • Networking
  • Infrastructure
  • Human Resources
  • Management

The team will follow predefined policies or procedures regardless of the type of cybercrime event. These policies or procedures focus on the following:


Containment

One of the first tasks that must be performed is to stop the cybercrime that is taking place and prevent it from doing further damage (contain it). Containment will vary based upon the type of cybercrime that is taking place. If a ransomware attack were taking place, unaffected computers would be removed from a network to prevent further damage.


Eradication

Once the cyber attack has been identified and contained, the next step will be to eradicate the threat. Similar to the containment phase, the eradication methods used will vary based on the type of attack. If the cybercrime involved the spreading of malware, all infected computers might need to be restored to their factory image, depending on the severity.


Recovery

The final step of the process will be to recover from the attack and get back to business. This means getting all affected systems back to a production state. This usually involves validation that the attack has been thwarted and no residue of the attack remains on the network. Recovery could take a lengthy period of time depending on the type of attack.


While threat actors have various tools that can be used to commit cybercrime, CSIRT members have various tools available to them to contain, eradicate, and recover from a cyber attack. It is important to note that while a tool can be used, skilled professionals are needed to properly use the tools. If a tool is improperly used, additional damage could occur. Examples of tools used during the three stages are:

  • Wireshark
  • Forensic Tool Kit
  • Carbonite
