Social media has become a top target of hackers and mobile devices are expanding that target, IBM reported on Tuesday in its X-Force 2013 Mid-Year Trend and Risk Report.
Attacks on enterprises are getting increasingly sophisticated, the report said. Some attacks studied by IBM researchers were opportunistic -- exploiting unpatched and untested web applications vulnerable to basic SQL injection or cross-site scripting.
Others were successful, the report continued, because they violated the basic trust between end user and sites or social media personalities thought to be safe and legitimate.
"Social media has become a new playground for attackers," said Kevin Skapinetz, program director for product strategy for IBM Security Systems.
The report noted that a growing trend this year is the takeover of social media profiles that have a large number of followers. The trend continues to play a pivotal role in the way attackers are reaching their targets.
"It's one thing to get an email or spam from someone you've never heard of," Skapinetz said in an interview. "It's another thing to have one of your friends have their account compromised and send you a link that might interest you."
Traditional sources of online aggravation can't resist the siren call of social media, either. "Even if email is used in an attack, it will be under guise of coming from a social media account," he said. "Attackers are becoming more operationally sophisticated."
Social media attacks can affect more than the usual suspects, too. Beyond individuals, these exploits can damage enterprise brand reputation and cause financial losses, the report said.
Mobile devices are also becoming a hacker magnet. "Although mobile vulnerabilities continue to grow at a rapid pace, we still see them as a small percentage of overall vulnerabilities reported in the year," the report said.
What may be making matters worse is the proliferation of mobile devices in the workplace under Bring Your Own Device programs. "BYOD -- what a nightmare that can be for any organization," HBGary's Threat Intelligence Director, Matthew Standart, said in an interview.
"It's difficult to protect your data even when you own all your devices, and getting visibility into all your devices is a challenge in itself," Standart said. "Allowing users to bring their own devices increases the complexity tenfold."
The IBM report also noted that Distributed Denial of Service (DDoS) attacks are being used for more than just disrupting service at target sites. The attacks are being used as a distraction, allowing attackers to breach other systems in the enterprise.
"Both attacks and attack threats are being used as decoys," Marc Gaffan, co-founder of Incapsula, said in an interview.