Is it me or are vendors opening up a big can of FUD over recent attacks against the banks? I don’t like to downplay genuine threats. Damaging attacks won’t pass us by if we have our heads in the sand. But there’s also a point where we have to realize it’s not a dramatic crusade we’re up against. Sometimes, an attack is just an attack, and the best defensive measures are the same as they ever were. The latter part is what I feel lately as I read one story after the next about recent attacks on the banking sector. The latest story has Mor Ahuvia, cybercrime communication specialist at security firm RSA, warning that another wave of attacks is looming, this one aimed at stealing big money. “A cyber gang has recently communicated its plans to launch a Trojan attack spree on 30 American banks as part of a large-scale orchestrated crimeware campaign,” she wrote in a blog post quoted by CSO correspondent Taylor Armerding. “Planned for this fall, the blitzkrieg-like series of Trojan attacks is set to be carried out by approximately 100 botmasters. RSA believes this is the making of the most substantial organized banking-Trojan operation seen to date.” [In depth: Organized cybercrime revealed] Much has been made about the DDoS attacks against the banks. We hear a lot about these being the work of hacktivist gangs like Izz al-Din al-Qassam Cyber Fighters, the so-called military wing of Hamas. The word “hacktivist” is tossed around liberally, and some vendors verbally quake over what these groups might do in the future. Like I said, I don’t want to downplay genuine threats, and there is plenty to worry about in these attacks. But I can’t help but look at this and say to myself, “Nothing new to see here. Move along.” Call it what you want. The reality is that malware is getting more sophisticated all the time, and attacks are getting easier to launch all the time. Individual organizations, whether they are private companies or the U.S. Defense Department, need to be on guard for these two realities and mount a more effective defense.But throwing the FUD around will also probably push organizations into buying security products that won’t give them the defenses they really need. If scaring the banks by telling them hacktivists are gunning for them specifically makes them take their security procedures more seriously, maybe that’s not such a bad thing. [Related stories: Banks can only hope for the best with DDoS attacks | Wells Fargo recovers after site outage | Theories mount on bank attacks, but experts stress defense | Arab hackers attack Western websites over film | Best defense against cyberattacks is good offense, says former DHS official] Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe