The third theory is based on a fraud alert issued last week by the FBI, warning financial services firms that cybercriminals might try to disrupt their websites in an effort to distract them from noticing fraudulent wire transfers.
Two days after that alert, The Financial Services Information Sharing and Analysis Center (FS-ISAC), a group owned by dozens of large firms including Bank of America and JPMorgan Chase, raised the cyber threat level to "high" from "elevated" in an advisory to members.
The fourth theory says it was not an attack at all. WhiteHat's Bill Pennington, noting the recent outage at GoDaddy that was caused by an internal technical error, said it was possible that the multiple slowdowns and outages were simply a coincidence. That theory gains a bit of weight from the fact that there was no perceptible problem with the NYSE -- one of the declared targets of the Hamas group.
Jason Healey of the Atlantic Council, shares a fifth theory: That they might have been "simply a low-level attack in their own right, intended only to be disruptive to the websites themselves, and not to provide cover for other attacks," said Healey, a former security official at the White House and at Goldman Sachs.
"This is frankly common, with attacks by anti-capitalist groups, especially if there happens to be an IMF (International Monetary Fund), WEF (World Economic Forum), G7 or other conference," he said.
Solutionary's Kraus said his firm doesn't focus so much on where the attacks come from, but how to help clients prepare and respond to them. "They're not going away anytime soon," he said. "So preparation is key. It's like buying extended insurance coverage on a used car."
He also stresses a second important step: "Implementing mitigating controls and a formal incident response plan before an attack occurs," he said.
Kraus said when attacks do occur, a firm should leverage its relationship with its security vendor. "They've seen plenty of DDoS and phishing, and they can tell you what is probably going to happen again."
Finally, he said firms should conduct a "post-incident review," much like a military after-action report, to determine what worked and what didn't, and make improvements based on those findings.
From everything Kraus has seen, both banks handled the attacks well. "It was almost like they were brushing off an annoying fly," he said.
But he added that threats are always becoming more sophisticated. "Some malware is now as good as enterprise-class software," Kraus said.
Sign up for CIO Asia eNewsletters.