Reports suggested cyber-criminals are using Microsoft Teams and have conducted ransomware attacks in Spain. Twitter accounts forwarded Teams as the channel for the attacks. None of these accounts were involved in the investigation into the attacks. Microsoft has responded and said Teams was not involved. “Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymer ransomware,” said Simon Pope, Director of Incident Response at the Microsoft Security Response Center (MSRC). “There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which this malware spreads,” Pope added. “Our security research teams have investigated and found no evidence to support these claims,” the Microsoft executive added. “In our investigations we found that the malware relies on remote human operators using existing Domain Admin credentials to spread across an enterprise network.” Pope also took the time to deny another rumor that the BlueKeep vulnerability was used to install the recent DoppelPaymer ransomware attack. The most interesting thing about Pope’s blog is this is a rare move from Microsoft. Clearly, with Microsoft Teams facing a big rivalry with Slack, the company feels the need to stand up for its platform.
Growing Rivalry
Earlier this week, Microsoft confirmed its Microsoft Teams workplace chat service now has over 20 million active daily users. Slack replied yesterday by arguing Microsoft’s apparent success was largely misleading: “As we’ve said before, you can’t transform a workplace if people aren’t actually using your product,” a Slack spokesperson said. “Slack continues to see unmatched engagement on our platform with 5+ billion weekly actions, including 1+ billion mobile actions. Among our paid customers, users spend more than 9 hours per workday connected to our service, including spending about 90 minutes per workday actively using Slack.”