IT staff are more likely to click on phishing links and are often worse at reporting threats than their peers elsewhere in the organization, according to new research from F-Secure.

The security vendor tested over 82,000 participants from four organizations to compile its study, To Click or Not to Click: What We Learned from Phishing 80,000 People. They were exposed to several tactics commonly used by cyber-criminals to steal data, deploy malware and conduct business email compromise (BEC).

Worryingly, in the two organizations studied where technical staff were tested, they showed a greater propensity to click.

In one of the companies, 30% of DevOps and 21% of IT staff clicked on test phishing emails, compared to an average of just 11% for all departments. In the other organization, the rate for DevOps was 26%, slightly higher than the average of 25% overall.

That’s despite more technical staff than the average claiming to be alert to the problem of phishing. In one organization, 17% of respondents said they had noticed a phishing email in their inbox in the past, versus 27% of IT and 29% of DevOps respondents.

In the other, the average for spotting phishing was 44% but shot up to 60% for those working in DevOps.

Technical staff members are also poor at flagging phishing attacks. In one organization, IT and DevOps came third and sixth out of nine departments in terms of reporting. In the other, DevOps was the twelfth best at reporting out of 17 departments, while IT came down in fifteenth place.

Matthew Connor, F-Secure service delivery manager and lead author of the report, claimed that over-confidence might be partly to blame for the results.

“I don’t believe you reduce susceptibility by teaching people about phishing. I believe you reduce susceptibility by making sure staff know the basics and by motivating them to want to spend the time and effort identifying and reporting phishing attacks,” he told Infosecurity.

“It is possible that the technical staff know what phishing is but have too much confidence in the technical protective measures in place and in their own ability to spot attacks. This leads them to be relaxed and susceptible, rather than alert and secure.”

Connor argued that reporting is a crucial link in the corporate security chain to help detect and prevent attacks and build resilience.

“Either technical staff in these organizations genuinely did not spot the phishing attempts and are not as adept as they may think, or they are not following the best practices to support the business,” he concluded.

“Ultimately for me, this study shows that technical staff need just as much support as the rest of the organization in combatting phishing.”

North Korea has experienced an internet outage that may have been caused by a cyber-attack.

The country lost internet access for approximately six hours on Wednesday morning local time. The incident was the second outage to hit North Korea in the past two weeks.

Junade Ali, a cybersecurity researcher who monitors various North Korean web and email servers from a location in Britain, told Reuters that the latest outage could have resulted from distributed denial-of-service (DDoS) attack.

Describing the recent incident, Ali said: “When someone would try to connect to an IP address in North Korea, the internet would literally be unable to route their data into the country.”

Within a few hours of the suspected DDoS attack, servers supporting email were back up and running. However, disruption and downtime continued to impact individual web servers of institutions, including North Korea’s ministry of foreign affairs, the Air Koryo airline, and Naenara – the official portal for the North Korean government.

Seoul-based news site NK Pro, which monitors events in North Korea, reported that log files and network records indicated that websites ending in .kp and hosted on North Korean web domains were mostly unreachable. The reason given for this was that North Korea’s Domain Name System (DNS) had ceased to communicate the routes that data packets are meant to take.

The news site observed that a similar incident had occurred in North Korea on January 14 2022. 

Ali said that how the server outage had occurred connoted that it was “the result of some form of network stress rather than something like a power cut.”

He said that no traffic was being sent to or from North Korea at the apex of the recent attack.

“It’s common for one server to go offline for some periods of time, but these incidents have seen all web properties go offline concurrently. It isn’t common to see their entire internet dropped offline,” said Ali.

He added: “During the incidents, operational degradation would build up first with network timeouts, then individual servers going offline and then their key routers dropping off the internet.”

The National Security Agency has announced the winning entry to its ninth annual Best Cybersecurity Research Paper Competition.

The winning paper was written by Yanyi Liu from Cornell University and Rafael Pass, professor of Computer Science at Cornell Tech. It expounded a theorem that relates the existence of one-way functions (OWFs) to a measurement of the complexity of a string of text. 

“OWFs are vital components of modern symmetric encryptions, digital signatures, authentic schemes and more,” said an NSA spokesperson. 

“Until now, it has been assumed that OWF functions exist even though research shows that they are both necessary and sufficient for much of the security provided by cryptography.”

Titled On One-way Functions and Kolmogorov Complexity, the winning paper was published at the 2020 IEEE (Institute of Electrical and Electronics Engineers) Symposium on Foundations of Computer Science. 

The chief of NSA’s Laboratory for Advanced Cybersecurity Research picked the winning entry in a decision informed by the opinions of 10 distinguished international cybersecurity experts who independently reviewed the top papers among 34 nominations.

“One-way functions are a key underpinning in many modern cryptography systems and were first proposed in 1976 by Whitfield Diffie and Martin Hellman,” said an NSA spokesperson.

“These functions can be efficiently computed but are difficult to reverse, as determining the input based on the output is computationally expensive.”

The NSA gave an honorable mention to another paper, Retrofitting Fine Grain Isolation in the Firefox Renderer, written by Shravan Narayan, Craig Disselhoen, Tal Garfinkel, Nathan Froyd, Sorin Lerner Hovav Shacham and Deian Stefan.

Originally published at the USENIX Security Conference 2020, this paper provides a security solution in the Firefox web browser. The paper also demonstrated that the technology could be applied to other situations.

“NSA congratulates the winners, and recently opened the nomination process for the 10th Annual Best Scientific Cybersecurity Paper Competition on January 15 2022,” said the NSA.

The agency said it will welcome nominations of papers published during 2021 in peer-reviewed journals, magazines, or technical conferences that show “an outstanding contribution to cybersecurity science.”

The nomination period for the 10th annual Best Cybersecurity Research Paper Competition closes on 15 April 2022.