>> With this in mind, we see that UEFI continues to be a point of interest to APT actors, while at large being overlooked by security vendors.
I often wondered why we didn't see more firmware malware out there. Perhaps because it varies between different firmware vendors, but I could see this becoming more of an issue if computer manufacturers look for more and more elaborate codebases in firmware to be able to do things outside of the OS. I do think the bigger target will be towards mobile devices in the next 10 years.
/r