The attacks against Wells Fargo, U.S. Bancorp, PNC Financial Services Group, Citigroup, Bank of America and JPMorgan Chase succeeded in drawing ire from consumers trying to use the sites for regular banking.

But customer-facing websites are just a small part of very complicated banking systems consisting of sometimes thousands of back-end applications that are being prodded by attackers, said Scott Hammack, CEO of Prolexic, a company based in Hollywood, Florida, which specializes in defending against distributed denial-of-service (DDOS) attacks.

The attackers "have absolutely done their homework on these large companies," Hammack said. "They've found many, many weak spots, and their attacks are very focused on those weak links."

Prolexic is in a unique position to observe the attacks. The financial institutions victimized by the attacks last week are its customers, although confidentiality agreements with the banks prevent Prolexic from directly naming the companies, said Prolexic's president, Stuart Scholly.

The attacks have consumed up to 70Gbps of bandwidth, well beyond the 1Gbps to 10Gbps circuits that large companies tend to rent, Scholly said.