Thousands of users of Yahoo.com last week unknowingly infected their PC or other device when they visited the site due to a malicious ad. Users didn't even need to click on the ad to get infected.
Welcome to cyber attacks 2014.
That's not the only new attack of malicious online activity.
Ransomware, such as Crytolocker, has emerged as a new favorite and it's expected to become a major threat early this year, said Jerry Irvine, chief information officer of Schaumburg-based Prescient Solutions. He's also a member of the National Cyber Security Task Force, a joint effort between the U.S. Chamber of Commerce and U.S. Department of Homeland Security.
Ransomware infects your PC or other device by grabbing all your data, then posting a notice on your screen that demands a fee, ranging in the hundreds of dollars, from the user if they want their data restored, Irvine said.
"You're expected to send money in order to get your machine back, but no one has been able to track exactly where this money is going," he said.
Irvine, as a member of the task force, has been meeting regularly in Washington, D.C., to help combat these cyber crimes and to help both businesses and individual consumers.
Besides the typical line of infection, where the user directly downloads the virus by mistake, another route is fast emerging. That involves individuals who use their personal devices for business. If that personal device becomes infected, it can easily load onto their company's network, Irvine said.
"More and more people are bringing their personal smartphone to work and downloading company documents or using it in some way to do their work," Irvine said. "But that just puts the company at risk, too."
The company needs to provide more personal management and support for personally used phones. Often that involves more IT personnel time, software and other resources that could be costly down the road, more costly than if the company just provided its own business phone to the employee, he said.
"It costs more in the long run if a company allows its workers to use their own devices," Irvine said. "It costs more for the company to monitor it than it's worth."
Irvine is loaded with advice, some of it that has become a mantra of online users: Don't open a link or an attachment that arrives in an unsolicited email, especially from someone you don't know; if something arrives from someone you know, but doesn't appear to be their normal email, contact that person and ask if that's what they intended to send you; update your virus software regularly; and consider a virus software for your mobile device downloaded from your manufacturer.
Also, companies should invest in more education for its workers, so they're aware of the risks involved for their own device as well as the impact on the company network, Irvine said.
• Follow Anna Marie Kukec on LinkedIn and Facebook and as AMKukec on Twitter. Write to her at firstname.lastname@example.org.