In the second quarter of this year almost 300,000 new mobile malware programs emerged as phones become a more appealing target for hackers.
Mobile banking has become a key target, with threats becoming more intelligent.
Kaspersky reveals that the Trojan-SMS.AndroidPS.OpFake.cc, reported in its Q1 2015 cyberthreats report, was capable of attacking no less than 29 banking and financial applications.
In Q2 this number surged almost three fold to 114, with attackers targeting a collection of login credentials so that several popular email applications can be attacked.
Mobile threat growth saw one million mobile malware installation packages in Q2, which is seven times greater than it was in Q1.
The threat malware poses has also been identified by FireEye which shone a light on a breach of US government networks, allegedly carried out by Russian government backed hackers who used Twitter and photos to distribute malware.
According to FireEye, a criminal organisation dubbed APT29 is using Twitter, GitHub and cloud storage services to extract data from compromised networks.
Hammertoss, the name of such attacks, work by retrieving commands via legitimate web services, with the infected machines then generating an algorithm which checks for different Twitter accounts. Hackers are then able to upload images with hidden code that can install malware.
Computer systems simply recognise a normal Tweet, making it difficult to identify any intrusion.
Laura Galante, director of threat intelligence, FireEye, said: "The novel approach APT29 takes to carry out its attacks and maintain their persistence in networks represents a level of difficulty that security professionals could see trickle down into their own network security operations."
Many attacks are aimed at stealing money through access to online bank accounts, however Kaspersky’s report identifies that attempted malware infections on the web reduced by 800,000 from Q1 to 5.9 million in Q2.
Despite this reduction in malware attacks, financial companies are still being faced with ultimatums’ from cybercriminals.
Hackers are extorting banks and other financial companies, demanding firms to pay ransoms of up to tens of thousands of dollars to keep their websites safe from a DDoS attacks.
Richard Jacobs, an FBI agent in charge of the New York cyber branch, said that over 100 businesses have been targeted by cyber criminals since April.
Jacobs told MarketWatch that hackers conduct DDoS attacks that increase a company’s web traffic with no valuable data in order to bring the service to a standstill.
Yaroslav Rosomakho, Principal Consulting Engineer, EMEA at Arbor Networks, said: "Hackers’ activities against internet services of financial institutions are on the rise, since these services are an absolutely critical part of daily business.
"Hackers realise that DDoS can be as disruptive as other more traditional attack methods and, unfortunately, still many organisations do not pay enough care to availability protection of their services and infrastructure.
Disruption of a financial company’s services could cost the business more than $100,000 per hour, according to Neustar.
While banking malware makes up the majority of the threat (83%), other threats are posed by Bitcoin miners (9%), Bitcoin wallet stealers (6%) and keyloggers (2%).
Additional figures from the report shows that the company detected and repelled 379.9 million malicious attacks; this is 19% lower than in Q1.
A fall in attacks aimed at Internet users’ computers was also seen, with 23.9 coming under a web-borne attack at least once; this is 2.4% lower than in Q1.
Co-authored by Joao Lima and James Nunns.
