Tech-Based Hybrid Warfare: The Need for Endpoint Cybersecurity
By Rex M. Lee
Friday, March 18, 2022
Threats posed by nation-state hackers and intrusive apps are the product of “tech-based hybrid warfare” waged by China, Russia, North Korea, Iran and other bad actors worldwide, who exploit vulnerabilities in the operating systems and popular apps distributed by Google, Apple and Microsoft.

Furthermore, Google, Apple and Microsoft enable app developers from China and Russia to monitor, track and data mine Android, iOS and Windows end users for financial gain through partnerships with Chinese and Russian corporations, including ByteDance (TikTok, China), Tencent (WeChat, China), Baidu (Android app developer and Google partner, China) and Prisma Labs (Android app developer, Russia).

Consistent with hybrid warfare in general, tech-based hybrid warfare targets everyone: teens, children, business leaders and professionals, government and elected officials, and members of the military and law enforcement, as long as they use smartphones, tablet PCs or other connected products running Android, iOS or Windows.

Nation-state hackers, plus Chinese and Russian companies, are in effect weaponizing the endpoint devices running these operating systems as launch points for attacks on any network, including critical infrastructure.

Additionally, app developers from adversarial countries use popular apps and social media platforms such as TikTok and WeChat as vehicles to surveil and data mine Android, iOS and Windows end users for profit around the clock, whether the end user is an adult, a teen, a child or a business or government user.

ByteDance’s social media app TikTok, which can be described as “legal malware”, is distributed through the app stores owned by Microsoft, Google and Apple and is also pinned in the default Start menu of Windows 11, posing privacy and cybersecurity risks to Windows 11 end users, including business end users, worldwide.

For example, a single intrusive app enables its developer, including developers from China and Russia, to conduct surveillance on the end user and to collect, by the author’s count, more than 5,000 confidential data points covering the end user’s personal, business, medical, legal and employment-related information, because the same smartphone is used for personal, business and employment purposes.

What is more concerning about TikTok is that, according to 2021 Bloomberg and Yahoo Finance reports, the Chinese government took a stake in ByteDance’s main domestic subsidiary, Beijing ByteDance Technology, and placed a government official on that subsidiary’s board, exposing corporate information to the Chinese government.

This means TikTok end users could be exposing confidential personal and business information to the Chinese Communist Party (CCP), a cybersecurity and privacy risk both to the end user and to the end user’s employer.

Vulnerabilities within Windows OS
Today endpoint cybersecurity is not being fully addressed by chief information officers (CIOs), chief information security officers (CISOs) or IT/cybersecurity professionals, because of a continuing focus on traditional network-perimeter security.

As part of this “tech-based hybrid warfare”, nation-state hackers from China, Russia, North Korea and Iran exploit vulnerabilities in Android, iOS and Windows to launch ransomware, distributed denial of service (DDoS) and man-in-the-middle (MITM) attacks on networks, including critical infrastructure.

Aside from the OS itself, intrusive apps on smartphones, tablet PCs, connected products and PCs are also used to launch attacks on networks, while allowing their developers to monitor, track and data mine the end user, a privacy and cybersecurity threat to the end user and to the end user’s employer.

For example, according to ESET security researcher Anton Cherepanov, Lazarus, a North Korean state-sponsored group, recently abused the Windows OS itself to deliver Trojan horse malware onto networks, rather than relying on the traditional routes of infiltrating a network through telecom infrastructure or launching the attack by email.

As I reported in my 2019 MissionCritical Communications magazine article, “The Rise of Foreign Cybersecurity Threats”, Russian state-sponsored hackers used a compromised Windows engineering workstation to deploy Triton (also called Trisis) malware against the Triconex safety instrumented systems of the Petro Rabigh oil refinery in Saudi Arabia, an attack widely assessed as an attempt to disable the safety controls that exist to prevent explosions and toxic releases.

Triton is often lumped together with NotPetya, BlackEnergy and Industroyer (also known as CrashOverride), but these are distinct malware families that share only their attribution to Russian state-sponsored actors. BlackEnergy was used in the December 2015 attack on Ukrainian power distribution companies, Industroyer in the December 2016 attack on a Kyiv transmission substation, and NotPetya, a destructive wiper disguised as ransomware, spread worldwide in June 2017 from a compromised update of the Ukrainian M.E.Doc accounting software. All of them struck Ukrainian critical infrastructure in the years leading up to Russia’s full-scale invasion.

What makes ICS-targeting malware such as Industroyer a threat to internet of things (IoT)/industrial IoT (IIoT) devices and industrial control systems (ICS), rather than only to the Windows hosts it first lands on, is its modular design: plug-ins that speak industrial protocols (IEC 60870-5-101, IEC 60870-5-104, IEC 61850 and OPC DA) let the malware drive substation equipment directly once it is inside the operational network.

None of these attacks required an insider. NotPetya arrived through the software supply chain, via a trusted vendor’s update server, and the Triton operators reached the safety-system engineering workstation by moving laterally from the refinery’s IT network. Supply-chain access, including access held by suppliers from adversarial countries such as China or Russia, therefore deserves the same scrutiny as an insider threat.

Dangerous and Intrusive Apps
Aside from the Windows OS, nation-state hackers can also launch DDoS and MITM attacks on networks by way of intrusive apps distributed through Google Play, the Apple App Store and the Microsoft Store.

According to James Barclay, senior research and development (R&D) engineer at Duo Labs, Apple’s device enrollment program (DEP), the mechanism that hands a new device over to an organization’s mobile device management (MDM) server, authenticated enrollment requests using nothing more than the device serial number, which could be exploited by attackers, including nation-state actors, to learn details about the businesses and government entities that rely on MDM for security.

“An attacker could use the serial number with the DEP (device enrollment program) API (application programming interface) to retrieve the activation record (or DEP profile) and leak information about the organization, or be used in social-engineering attacks to, for example, call the help desk and give them the serial number asking for help ‘re-enrolling’ in the MDM server,” Barclay explained in a 2018 interview with Lindsey O’Donnell of Threatpost.

As of this writing, there is no record of Apple changing this behavior. Apple’s published guidance is that MDM servers should require user authentication during enrollment, so that a serial number alone cannot complete an enrollment; that setting is under the MDM administrator’s control and should be enabled. The serial number itself should be treated as public: it is printed on the device and its packaging and appears in shipping and procurement records.
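The weakness Barclay describes is a design flaw rather than a specific bug: an enrollment endpoint that treats a public identifier (the serial number) as its only credential. The following Python model, added here as an illustration and not Apple’s DEP API or Duo Labs’ proof-of-concept code, contrasts a profile lookup authenticated by serial alone with one that also demands a single-use enrollment token bound to the serial and issued through an authenticated channel. The record contents, the `.invalid` MDM URL, the certificate fingerprint and the token scheme are all constructed for the example.

```python
"""
Added example: serial-only enrollment lookup vs. a token-bound, single-use
lookup. Models the design issue only; it is not Apple's DEP protocol.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Set

# Constructed enrollment records, keyed by device serial. A serial is printed on
# the device, its box and every shipping record, so it must be treated as public.
ENROLLMENT_RECORDS: Dict[str, dict] = {
    "C02ABCDE1234": {
        "org_name": "Example Utility Co. (constructed)",
        "mdm_url": "https://mdm.example.invalid/enroll",  # reserved .invalid TLD
        "anchor_cert_sha256": "d0c0ffee" * 8,             # constructed fingerprint
    },
}


def activation_record_serial_only(serial: str) -> Optional[dict]:
    """Weak design: whoever knows a serial receives the organisation's profile.

    This is the pattern Duo Labs described; nothing here proves the caller
    owns the device or belongs to the organisation.
    """
    return ENROLLMENT_RECORDS.get(serial)


class EnrollmentServer:
    """Hardened design: the profile is released only against a single-use
    token that is bound to the serial and issued out of band."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._used: Set[str] = set()

    def _mac(self, serial: str, nonce: str) -> str:
        msg = f"{serial}:{nonce}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def issue_token(self, serial: str) -> str:
        """Issued only through an authenticated admin/procurement channel;
        a help-desk caller quoting a serial never receives one of these."""
        nonce = secrets.token_hex(16)
        return f"{nonce}.{self._mac(serial, nonce)}"

    def activation_record(self, serial: str, token: str) -> Optional[dict]:
        nonce, sep, mac = token.partition(".")
        if not sep:
            return None
        # Constant-time compare; the MAC covers the serial, so a token issued
        # for one device cannot be replayed against another serial.
        try:
            valid = hmac.compare_digest(mac, self._mac(serial, nonce))
        except TypeError:          # non-ASCII junk in the token
            return None
        if not valid:
            return None
        if token in self._used:    # single use: a replayed token is refused
            return None
        self._used.add(token)
        return ENROLLMENT_RECORDS.get(serial)


if __name__ == "__main__":
    serial = "C02ABCDE1234"
    print("serial only :", activation_record_serial_only(serial))
    server = EnrollmentServer(secret=b"constructed-demo-secret")
    print("no token    :", server.activation_record(serial, ""))
    token = server.issue_token(serial)
    print("valid token :", server.activation_record(serial, token))
    print("replayed    :", server.activation_record(serial, token))
```

The model is deliberately minimal: in a real deployment the token would be delivered to the device or its enrolling user through an authenticated path (for example the user-authentication step an MDM server can require), would expire, and every refused lookup would be logged so that a help-desk “re-enrollment” request can be correlated with failed API calls.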

The Need to Decouple U.S. CI from China
Unknown to most Apple product owners is the fact that, according to a CNN report, iCloud data belonging to accounts registered in mainland China is stored on servers in China operated by a state-owned partner, Guizhou-Cloud Big Data, an arrangement Apple adopted in 2018 to comply with Chinese law.

Apple’s dependence on critical infrastructure in China for iCloud is another example of why the U.S. government needs to mandate that technology providers and manufacturers decouple critical infrastructure, including manufacturing, from China, especially since China continues to threaten Taiwan and forced labor remains a documented problem in Chinese manufacturing supply chains.

As I have reported in the past, nation-state hackers from around the world have planted malware in popular app stores so that it is inadvertently distributed by tech giants such as Google, which has removed hundreds of such apps from Google Play over the past few years.

Triton and other malware that can be delivered by way of operating systems, intrusive apps and MDM platforms pose serious threats to utilities, governments, energy companies, the military and other entities that depend on critical infrastructure.

Vulnerabilities within MDM Platforms/Security Apps
Although an MDM platform helps secure connected devices such as smartphones by blocking intrusive third-party apps that the device user downloads, an MDM platform generally cannot uninstall intrusive apps that are preinstalled on smartphones, tablet PCs, IoT/IIoT devices, connected products and PCs running Android, iOS or Windows; at best it can disable or hide them, and the preinstalled code remains on the device.

According to T-Mobile and Verizon, any connected device running Android, iOS or Windows 8, 10 or 11 cannot be fully privatized or secured, because of preinstalled surveillance and data-mining technology, in the form of intrusive apps developed by Google, Apple and Microsoft and their developer partners, including Chinese partners such as Baidu, that the device owner cannot control.

The reason Android, iOS and Windows cannot be fully privatized or secured is that each exposes a broad set of programming interfaces (contacts, location, sensors, device identifiers, telemetry) to apps, and preinstalled apps are granted access to those interfaces by the manufacturer or carrier rather than by the user. That access is what allows app developers to conduct surveillance on end users while data mining confidential personal and business information from the OS end user for profit.

Aside from being intrusive, many popular apps and social media platforms are intentionally designed to be addictive, posing safety threats to the end user, as Sean Parker, Facebook’s (now Meta’s) founding president, admitted in a 2017 Axios interview.

This is what Mr. Parker had to say: “It’s a social validation feedback loop, the kind of thing that a ‘hacker’ like myself would come up with, because you’re exploiting a vulnerability in human psychology … God only knows what it is doing to our children’s brains … It’s me, it’s Mark [Zuckerberg], Kevin Systrom of Instagram, it’s all of these people, understood this consciously … And we did it anyway.”

China and Russia use Android, iOS, Windows, intrusive apps and social media platforms to conduct hybrid warfare: attacking networks, conducting corporate espionage, spreading propaganda (misinformation and disinformation), disrupting elections, and surveilling and data mining technology users around the world.

The fact is that Google, Apple and Microsoft profit from partnering with Chinese and Russian companies that are beholden to their governments, including the Chinese Communist Party (CCP), so these U.S. tech giants are not going to stop distributing intrusive Chinese and Russian apps and social media platforms any time soon.

Additionally, Chinese and Russian companies are free under U.S. law to hire powerful K Street law firms and lobbyists to influence U.S. lawmakers, as ByteDance (TikTok) did when it hired American Continental Group (ACG) and lobbyist David Urban.

Because predatory surveillance and data-mining business practices rooted in “surveillance capitalism” are so profitable, they will not end on their own, so companies and government entities need to adopt endpoint cybersecurity best practices to protect their networks and their confidential and protected information, including intellectual property (IP) and classified information.

Endpoint Cybersecurity and Privacy Best Practices
Board members, senior executives, and government officials need to implement enterprise and organizational strategies centered on cybersecurity, intelligence, and securing confidential and protected information, including IP and classified information.

Every CEO, CIO, CISO and IT/cybersecurity professional needs to be aware of intrusive and addictive apps and social media platforms, including those from China and Russia, and to ban employees from using them on any smartphone, tablet PC, connected product or PC used for official company or government business.
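A ban is only enforceable if you can see where a blocked app is installed and whether it is preinstalled (the MDM limitation discussed above under “Vulnerabilities within MDM Platforms/Security Apps”) or user-installed, since the two call for different actions. The Python below, added here as an example and not code from this article, parses inventory text in the format of `adb shell pm list packages -f`, classifies each package by the partition it lives on, and evaluates the result against a block list. The sample inventory is constructed; the TikTok and WeChat Android package identifiers are given as assumptions and should be checked against your own MDM inventory before use.

```python
"""
Added example: classify an Android package inventory into preinstalled vs.
user-installed apps and evaluate it against an organisational block list.
Input mimics `adb shell pm list packages -f`; the sample is constructed.
"""
from typing import Dict, List, NamedTuple

# Constructed sample output. Entries under /data/app are user-installed; the
# others sit on read-only partitions and are therefore preinstalled.
SAMPLE_PM_OUTPUT = """\
package:/system/app/Bluetooth/Bluetooth.apk=com.android.bluetooth
package:/product/app/WeChat/WeChat.apk=com.tencent.mm
package:/data/app/~~k3Jq==/com.zhiliaoapp.musically-Q9z==/base.apk=com.zhiliaoapp.musically
package:/data/app/~~Yp1a==/com.example.notes-Bv7==/base.apk=com.example.notes
package:/vendor/app/CarrierTools/CarrierTools.apk=com.carrier.tools
"""

# Partitions that ship with the firmware; packages here cannot be deleted by
# the user or by an MDM, only disabled or hidden for a given user profile.
PREINSTALLED_PREFIXES = ("/system/", "/system_ext/", "/product/", "/vendor/",
                         "/oem/", "/apex/")

# Assumed package IDs (verify against your MDM inventory); the last entry is a
# constructed placeholder standing in for a carrier-preloaded tool.
BLOCKED_PACKAGES: Dict[str, str] = {
    "com.zhiliaoapp.musically": "TikTok",
    "com.tencent.mm": "WeChat",
    "com.carrier.tools": "carrier tool (constructed entry)",
}


class Package(NamedTuple):
    name: str
    path: str
    preinstalled: bool


class Finding(NamedTuple):
    package: str
    label: str
    preinstalled: bool
    action: str
    command: str


def parse_pm_list(text: str) -> List[Package]:
    """Parse `pm list packages -f` lines of the form package:<apk path>=<name>."""
    pkgs: List[Package] = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        body = line[len("package:"):]
        # APK paths under /data/app contain '=' in their base64-like directory
        # names, so split on the LAST '=' to separate path from package name.
        path, _, name = body.rpartition("=")
        if not name or not path:
            continue
        pkgs.append(Package(name, path, path.startswith(PREINSTALLED_PREFIXES)))
    return pkgs


def evaluate(pkgs: List[Package], blocked: Dict[str, str],
             user: int = 0) -> List[Finding]:
    """Return one finding per blocked package present, with the remediation
    that is actually possible for its install location."""
    findings: List[Finding] = []
    for p in pkgs:
        if p.name not in blocked:
            continue
        if p.preinstalled:
            action = "disable for the user; cannot be removed from the read-only partition"
            cmd = f"adb shell pm disable-user --user {user} {p.name}"
        else:
            action = "uninstall"
            cmd = f"adb shell pm uninstall --user {user} {p.name}"
        findings.append(Finding(p.name, blocked[p.name], p.preinstalled, action, cmd))
    return findings


if __name__ == "__main__":
    for f in evaluate(parse_pm_list(SAMPLE_PM_OUTPUT), BLOCKED_PACKAGES):
        where = "preinstalled" if f.preinstalled else "user-installed"
        print(f"{f.label:<32} {f.package:<28} {where:<15} {f.action}\n    {f.command}")
```

The `adb` commands are what an administrator with USB debugging access would run on a single device; at fleet scale the same decision (uninstall vs. disable) is expressed as an Android Enterprise app-blocklist or disabled-system-app policy in the MDM, and the parser above can be pointed at the MDM’s exported inventory instead of `adb` output.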

Countries such as India have banned many of these Chinese apps, including TikTok and WeChat, since 2020, yet the U.S. government, Google, Apple and Microsoft continue to let Chinese and Russian companies surveil and data mine U.S. citizens for profit, even after Russia’s invasion of Ukraine and with China continuing to threaten Taiwan.

Every corporate attorney needs to review the end user license agreements (terms of use) for operating systems, apps, platforms and cloud storage services in order to identify and mitigate the risks of predatory and exploitative business practices by OS and app developers and platform providers.

If possible, eliminate bring your own device (BYOD) programs, especially within the defense industry and critical infrastructure.

Explore third-party device management providers that offer MDM services as well as telecom expense management, especially for companies that cannot afford to eliminate their BYOD programs.

Of the three, Apple and Microsoft provide the strongest platform security and let end users configure their connected devices, such as smartphones and PCs, for the best available privacy and security.

However, both will still surveil and data mine their OS and app end users to some extent, and both share end users’ personal and business information with third parties they call “trusted partners”, as disclosed in their end user license agreements and terms of use.


Rex M. Lee is a Privacy and Cybersecurity Advisor, Tech Journalist and a Senior Tech/Telecom Industry Analyst for BlackOps Partners, Washington, DC. Find more information at My Smart Privacy, and see Rex speak at IWCE 2022 in Las Vegas on March 21.
