North Korea sets up fake security firm lure per The Hacker News

Remember the reports back in January about North Korean attackers trying to lure security researchers with malware to investigate? They really went all out. There is a fake security firm, “SecuriElite” and social media accounts, like TrendMacro, with links back to the poisoned site. Attackers are getting better at dissolving and reappearing elsewhere, in a game of adversary “whak-a-mole”. Our job is to consider how else, where else, they can play this strategy.

Update: Ubiquiti – it just gets worse per Bleeping Computer

We knew this was coming, right? Ubiquiti now says there was an extortion attempt back in January when that breach happened – but not to worry, no indication that source code or client data was taken. Hmm 🤨 After this past year of extortion ransomware, and the massive pwnage of the Accellion breach, I am sceptical. Especially since there wasn’t really any logging system in place to verify what the attacker got into. There are big lessons in here for all of us.

Don’t neglect your firmware per ZDNet

“Out of sight, out of mind” is not a cyber security best practice. Unfortunately, that sums up how most of us handle firmware updates and awareness. Yet, it’s where we keep credentials and encryption keys. Per the Microsoft Security Signals report for March, 80% of enterprises have had a security incident involving firmware but less than 1/3 of security budgets are invested in protecting it.

Firmware attacks are specialized, and may target UEFI or hardware drivers. Visibility is a problem, because firmware is that layer below what AV and detection services are made to monitor. It’s the purview of advanced persistent adversaries with resources. Think stealth, dwell time and painful compromise – what you can’t see will hurt you.