Defense companies facing array of new cyberthreats.

Author: Magnuson, Stew

Waterholes, crypto-lockers and Shodan.

These three terms are just a few of the new pitfalls out there for defense companies large and small that face a dizzying array of threats against their networks.

Criminals and spies remain unrelenting in their pursuit of what firms have, whether it is intellectual property or financial data, cybersecurity professionals said in interviews.

The waterhole scheme is a twist on an old tactic, in which an adversary through an email tricks a company or government employee into clicking on a website that contains malware.

In this case, like a gazelle lured to the promise of a cool drink, the lion, or in this case the hacker, is in the bushes waiting to pounce.

The email contains a link to a website that appears to be perfectly legitimate, explained Paul Christman, public sector vice president at Dell Software.

"It looks like a legitimate link, but then they hijack you to another site that injects malware. ... It is a sophisticated way of getting to users who are getting smarter about links. The first one looks clean, the second is not," he said.

Crypto-lockers, also known as ransomware, are another troubling trend that can affect any company with valuable but perishable data, said Curt Aubley, chief technology officer and North American vice president at McAfee.

It begins again with an employee clicking on an attachment or linking to a website that allows a hacker into the network. The intruder searches for important data and then places encryption on it.

Next comes a message, Aubley said, "Look, we didn't steal your data. But we have encrypted it and you can't get to it, so if you pay us this amount of money, we will give you the key to unlock the data."

If the victim doesn't comply, the hacker has the power to let the perishable data expire or leave the encryption on, he said.

Individuals have been extorted for amounts as small as $250, but large companies have lost much more, he said.

The best defense is understanding where the important data is kept, ensuring that it is backed up and having an incident response plan in place, he said.

The new mantra in the cybersecurity world is: "No more free bugs," said Allen Harper, chief hacker and executive vice president at Tangible Security and lead author of Gray Hat Hacking: The Ethical Hacker's Handbook.

The bugs are better known as zero-day vulnerabilities. These are previously unknown holes in software programs that hackers can use to penetrate systems...
