These types of attacks are extremely hard to defend against.
Considering the nature of the attacker (and the HN comments about the guy at the time of the attack) my takeaway of Ubiquiti from this event and their response was positive. I also down-ranked my expectation of Krebs’ accuracy.
It’s not personal - he writes lots of great stuff, but his response to being wrong in this case was worse than Ubiquiti’s response to the incident.
Their response, which was to not disclose the breach? Or their late response, which was a vague email you might need to change your credentials? Or the fact that their cloud environment was a joke run by a one-man show?
It's like Okta. Of course it's hard to protect against an insider (although Ubiquiti didn't really try), but that's not an excuse to screw up the disclosure.
It's really not that hard to defend / audit the actions of a single lone wolf, even if they're the head of security.
This is just more and more embarrassment for a company that clearly just doesn't understand security, and yet wants to force all their users of their products to rely on them as a trust model by making all of their ongoing product systems completely cloud reliant or at least holding third party root keys to sell ads / customer telemetry.