I don't like to downplay genuine threats. Damaging attacks won't pass us by if we have our heads in the sand. But there's also a point where we have to realize it's not a dramatic crusade we're up against. Sometimes, an attack is just an attack, and the best defensive measures are the same as they ever were.
The latter part is what I feel lately as I read one story after the next about recent attacks on the banking sector.
The latest story has Mor Ahuvia, cybercrime communication specialist at security firm RSA, warning that another wave of attacks is looming, this one aimed at stealing big money. "A cyber gang has recently communicated its plans to launch a Trojan attack spree on 30 American banks as part of a large-scale orchestrated crimeware campaign," she wrote in a blog post quoted by CSO correspondent Taylor Armerding. "Planned for this fall, the blitzkrieg-like series of Trojan attacks is set to be carried out by approximately 100 botmasters. RSA believes this is the making of the most substantial organized banking-Trojan operation seen to date."
[In depth: Organized cybercrime revealed]
Much has been made about the DDoS attacks against the banks. We hear a lot about these being the work of hacktivist gangs like Izz al-Din al-Qassam Cyber Fighters, the so-called military wing of Hamas. The word "hacktivist" is tossed around liberally, and some vendors verbally quake over what these groups might do in the future.
Like I said, I don't want to downplay genuine threats, and there is plenty to worry about in these attacks. But I can't help but look at this and say to myself, "Nothing new to see here. Move along."
Call it what you want. The reality is that malware is getting more sophisticated all the time, and attacks are getting easier to launch all the time.
Individual organizations, whether they are private companies or the U.S. Defense Department, need to be on guard for these two realities and mount a more effective defense.But throwing the FUD around will also probably push organizations into buying security products that won't give them the defenses they really need.
If scaring the banks by telling them hacktivists are gunning for them specifically makes them take their security procedures more seriously, maybe that's not such a bad thing.
[Related stories: Banks can only hope for the best with DDoS attacks | Wells Fargo recovers after site outage | Theories mount on bank attacks, but experts stress defense | Arab hackers attack Western websites over film | Best defense against cyberattacks is good offense, says former DHS official]