Microsoft has denied rumors that its communication platform Teams is being used by cybercriminals to install ransomware on company networks.
The speculation, from unknown sources, began circulating online in early November after many companies in Spain were affected by the “DoppelPaymer” ransomware.
Besides rejecting rumors, Simon Pope, Director of Incident Response at the Microsoft Security Response Center (MSRC), also addressed the second set of rumors that claimed attackers might have used the BlueKeep RDP vulnerability to install the DoppelPaymer ransomware.
“Microsoft has been investigating recent attacks by malicious actors using the DopplePaymer ransomware. There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which this malware spreads. Our security research teams have investigated and found no evidence to support these claims,” Simon Pope said in a post.
“In our investigations, we found that the malware relies on remote human operators using existing Domain Admin credentials to spread across an enterprise network,” Pope added.
Microsoft stated that protection from DoppelPaymer and other malware is available for customers using Windows Defender. The company said it is committed to helping businesses and governments across the globe prevent cyber threats, and that it continues to enhance its security services to identify emerging threats.
A couple of months ago, Microsoft revealed that it had discovered two new security flaws in its Windows Desktop Services package. Security officials at Microsoft stated that the two vulnerabilities, tracked as CVE-2019-1181 and CVE-2019-1182, can be exploited by attackers to launch “Wormable Attacks” that spread across different network systems without a user’s knowledge. Microsoft also stated that the flaws are similar to the vulnerability known as BlueKeep (CVE-2019-0708), which was patched in May 2019.
According to Microsoft, the versions of Windows affected by the flaws include Windows 7 SP1, Windows 8.1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2, and other versions of Windows 10. However, Windows Server 2003, Windows XP and Windows Server 2008 are not affected by the flaws.