Microsoft says its Defender for Office 365 cloud-based email security suite will now automatically detect and block email bombing attacks.
Defender for Office 365 (formerly known as Office 365 Advanced Threat Protection or Office 365 ATP) protects organizations operating in high-risk industries and dealing with sophisticated threat actors from malicious threats delivered through email messages, links, and collaboration tools.
“We’re introducing a new detection capability in Microsoft Defender for Office 365 to help protect your organization from a growing threat known as email bombing,” Redmond explains in a Microsoft 365 message center update.
“This form of abuse floods mailboxes with high volumes of email to obscure important messages or overwhelm systems. The new ‘Mail Bombing’ detection will automatically identify and block these attacks, helping security teams maintain visibility into real threats.”
The new ‘Mail Bombing’ feature started rolling out in late June 2025 and is expected to reach all organizations by late July. It will be toggled on by default, requires no manual configuration, and will automatically send all messages identified as part of a mail bombing campaign to the Junk folder.
As the company explained over the weekend, Mail Bombing is now available to security operations analysts and administrators as a new detection type in Threat Explorer, the Email entity page, the Email summary panel, and Advanced Hunting.
In mail bombing attacks, threat actors flood their targets’ email inboxes with thousands or tens of thousands of messages within minutes, either by subscribing them to a large number of newsletters or by using dedicated cybercrime services that can send a massive number of emails.
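The burst pattern described above (a single mailbox receiving a very high number of messages within minutes from many unrelated senders) can be checked with a sliding window over mail-flow records. This is an added example, not Microsoft's detection logic or code from the article; the thresholds, the record layout and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune against your own mail-flow baseline.
WINDOW = timedelta(minutes=5)   # burst window
MIN_MESSAGES = 100              # messages to one recipient inside the window
MIN_SENDER_DOMAINS = 30         # newsletter bombing arrives from many unrelated domains

def find_mail_bombs(events, window=WINDOW, min_messages=MIN_MESSAGES,
                    min_domains=MIN_SENDER_DOMAINS):
    """events: (timestamp, sender, recipient) tuples sorted by timestamp.
    Returns {recipient: (first_alert_time, messages_in_window, sender_domains)}."""
    recent = defaultdict(deque)          # recipient -> (timestamp, sender domain)
    alerts = {}
    for ts, sender, rcpt in events:
        q = recent[rcpt]
        q.append((ts, sender.rsplit("@", 1)[-1].lower()))
        while ts - q[0][0] > window:     # drop messages older than the window
            q.popleft()
        if rcpt in alerts or len(q) < min_messages:
            continue
        domains = {d for _, d in q}
        # Volume alone also matches monitoring or ticketing mail from one system,
        # so require a wide spread of sender domains as well.
        if len(domains) >= min_domains:
            alerts[rcpt] = (ts, len(q), len(domains))
    return alerts

def sample_events():
    """Constructed sample data: one bombed mailbox and one busy but normal mailbox."""
    start = datetime(2025, 7, 1, 9, 0, 0)
    events = []
    for i in range(300):   # 300 messages in 150 s from 60 newsletter domains
        events.append((start + timedelta(seconds=i / 2),
                       f"news@list{i % 60}.example", "victim@corp.example"))
    for i in range(120):   # 120 alerts in 120 s, all from one internal system
        events.append((start + timedelta(seconds=i),
                       "alerts@monitor.example", "oncall@corp.example"))
    events.sort(key=lambda e: e[0])
    return events

if __name__ == "__main__":
    for rcpt, (ts, count, domains) in find_mail_bombs(sample_events()).items():
        print(f"{rcpt}: {count} messages from {domains} domains by {ts}")
```

The on-call mailbox crosses the volume threshold but is not flagged, because all of its mail comes from a single sender domain.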
Usually, the attackers’ ultimate goal is to overload email security systems as part of social engineering schemes, paving the way to malware or ransomware attacks that can help exfiltrate sensitive data from victims’ compromised systems.
Email bombing has been employed in attacks by various cybercrime and ransomware groups for over a year. It began with the BlackBasta gang, which used this tactic to fill their victims’ mailboxes with emails within minutes before launching their attacks.
They would follow up with voice phishing cold calls, posing as their IT support teams to trick overwhelmed employees into granting remote access to their devices using AnyDesk or the built-in Windows Quick Assist tool.
After infiltrating their systems, the attackers would deploy various malicious tools and malware implants, enabling them to move laterally through corporate networks before deploying ransomware payloads.
More recently, email bombing has been adopted by a 3AM ransomware affiliate and cybercriminals linked to the FIN7 group, who have also spoofed IT support in social engineering attacks aimed at persuading employees to give up their credentials for remote access to corporate systems.