
Microsoft says its Defender for Office 365 cloud-based email security suite will now automatically detect and block email bombing attacks.
Defender for Office 365 (formerly known as Office 365 Advanced Threat Protection or Office 365 ATP) protects organizations operating in high-risk industries and dealing with sophisticated threat actors from malicious threats from email messages, links, and collaboration tools.
“We’re introducing a new detection capability in Microsoft Defender for Office 365 to help protect your organization from a growing threat known as email bombing,” Redmond explains in a Microsoft 365 message center update.
“This form of abuse floods mailboxes with high volumes of email to obscure important messages or overwhelm systems. The new ‘Mail Bombing’ detection will automatically identify and block these attacks, helping security teams maintain visibility into real threats.”
The new ‘Mail Bombing’ feature started rolling out in late June 2025 and is expected to reach all organizations by late July. It will be toggled on by default, requires no manual configuration, and will automatically send all messages identified as part of a mail bombing campaign to the Junk folder.
As the company explained over the weekend, Mail Bombing is now available for security operations analysts and administrators as a new detection type in Threat Explorer, the Email entity page, the Email summary panel, and Advanced Hunting.
In mail bombing attacks, threat actors flood their targets’ email inboxes with thousands or tens of thousands of messages within minutes, either by subscribing them to a large number of newsletters or using dedicated cybercrime services that can send a massive number of emails.
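A sliding-window heuristic for the flood pattern described above, added here as an illustration for defenders reviewing their own mail-flow logs; it is not Microsoft's detection logic. The thresholds, function names and sample addresses are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune against your own mail-flow baseline.
WINDOW = timedelta(minutes=5)
MIN_MESSAGES = 1000
MIN_SENDER_DOMAINS = 200


def detect_mail_bombing(events, window=WINDOW, min_messages=MIN_MESSAGES,
                        min_domains=MIN_SENDER_DOMAINS):
    """Return {recipient: (first_alert_time, messages_in_window, distinct_domains)}.

    events: iterable of (timestamp, sender_address, recipient_address).
    A recipient is flagged the first time one sliding window holds at least
    min_messages messages from at least min_domains distinct sender domains.
    """
    windows = defaultdict(deque)                 # recipient -> (ts, domain) queue
    domain_counts = defaultdict(lambda: defaultdict(int))
    alerts = {}
    for ts, sender, rcpt in sorted(events):
        rcpt = rcpt.lower()
        domain = sender.rsplit("@", 1)[-1].lower()
        win, counts = windows[rcpt], domain_counts[rcpt]
        win.append((ts, domain))
        counts[domain] += 1
        # Evict messages that have fallen out of the window.
        while ts - win[0][0] > window:
            _, old = win.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        flooded = len(win) >= min_messages and len(counts) >= min_domains
        if flooded and rcpt not in alerts:
            alerts[rcpt] = (ts, len(win), len(counts))
    return alerts


def sample_events():
    """Constructed sample: one flooded mailbox, one busy but normal mailbox."""
    t0 = datetime(2025, 7, 1, 9, 0, 0)
    events = []
    # 1,200 sign-up confirmations from 1,200 distinct domains within 4 minutes.
    for i in range(1200):
        events.append((t0 + timedelta(seconds=i * 0.2),
                       f"news@list{i}.example", "victim@corp.example"))
    # 1,500 alerts from a single sender: high volume, but only one domain.
    for i in range(1500):
        events.append((t0 + timedelta(seconds=i * 0.1),
                       "alerts@monitoring.example", "oncall@corp.example"))
    return events
```

Requiring many distinct sender domains as well as raw volume keeps a single chatty monitoring system from being flagged, which matters because newsletter-subscription floods arrive from many legitimate senders at once.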
In most cases, the attackers’ end goal is to overload email security systems as part of social engineering schemes, paving the way to malware or ransomware attacks that can help exfiltrate sensitive data from victims’ compromised systems.
Email bombing has been employed in attacks by various cybercrime and ransomware groups for over a year. It began with the BlackBasta gang, which used this tactic to fill their victims’ mailboxes with emails within minutes before launching their attacks.
They would follow up with voice phishing cold calls, posing as their IT support teams to trick overwhelmed employees into granting remote access to their devices using AnyDesk or the built-in Windows Quick Assist tool.
After infiltrating their systems, the attackers would deploy various malicious tools and malware implants, enabling them to move laterally through corporate networks before deploying ransomware payloads.
More recently, email bombing has been adopted by a 3AM ransomware affiliate and cybercriminals linked to the FIN7 group, who have also spoofed IT support in social engineering attacks aimed at persuading employees to give up their credentials for remote access to corporate systems.
