Denial-of-service attacks against financial networks are increasing, and recent reports say they’re costing banks as much as $100,000 per hour, according to American Banker.

The attacks are now also more likely to come in shorter, more intense bursts, with pauses in between as attackers apparently observe the bank website responses, Ovum senior analyst Rik Turner told the magazine. “We’re seeing lots of small attacks with intervals that allow the attackers to determine how efficiently the victims’ mitigation infrastructure is and how quickly it is kicking in,” he said.

In a survey of 510 companies by analytics firm Neustar, 91 percent said distributed denial-of-service (DDoS) attacks haven’t decreased as a threat in the past year, 85 percent reported multiple attacks, and 31 percent said their longest attacks lasted more than one day. Nearly one-third said they lose more than $100,000 in revenue per hour while DDoS attacks are going on.

And a Verisign report found that DDoS attacks against the financial industry doubled during Q4 of 2014 to account for 15 percent of all attacks. “Cybercriminals typically target financial institutions during the fourth quarter because it’s a peak revenue and customer interaction season,” said Verisign VP of technology Ramakant Pandrangi, according to American Banker.

What’s less clear is why cyberattackers keep at it, aside from inflicting costs on banks. Financial institutions have used cloud technology and improved defenses to make their responses to attacks much more effective in recent years. “They created more headroom by buying more bandwidth and by scaling the capacity of their Web infrastructure — for example, by buying more powerful Web servers,” Gartner research VP for network security Lawrence Orans said. “And they continue to spend millions on DDoS mitigation services. That’s where the real pain has been — the attackers forced the banks to spend a lot of money on DDoS mitigation.”

Some bank DDoS attacks have apparently been politically motivated, including attacks in 2014 against websites of Bank of America, JPMorgan Chase, and Fidelity Bank by a group calling itself the European Cyber Army. Another theory is that some cyberthieves use DDoS attacks as a diversion in order to plant malware to make breaches possible. Neustar’s study found 30 percent of financial-services companies found malware installed after a DDoS attack. But Gartner analyst Avivah Litan was skeptical: “These occurrences seem to be infrequent,” she said.