I would say the attack falls under the jurisdiction of the US secret service since this is an attack on the financial system.
"Today the agency's primary investigative mission is to safeguard the payment and financial systems of the United States." --- secretservice.gov
Yikes.. you consider a private company's business to be the financial and payment system of the United States?
Look at ADP and their finance payment system statistics. VERY large. Understandable for some financial systems to be possibly considered a financial and payment system of the US.
NOTICE: This email and any attachments may contain confidential and proprietary information of NetSuite Inc. and is for the sole use of the intended recipient for the stated purpose. Any improper use or distribution is prohibited. If you are not the intended recipient, please notify the sender; do not review, copy or distribute; and promptly delete or destroy all transmitted information. Please note that all communications and information transmitted through this email system may be monitored by NetSuite or its agents and that all incoming email is automatically scanned by a third party spam and filtering service.
The USSS has jurisdiction over all DDoS (threats to critical infrastructure).
So then why is there a cyber command and a cyber group part of homeland security charged with protection of critical infrastructure if critical infrastructure is the responsibility of USSS? Looks like we have too many keystone cops (the AF advertises an operational Cyber Command with nothing really there) who might fall over one another not to mention get in the way of the owners of the infrastructure who probably know it better than the feds.