Tuesday, July 1, 2025

Microsoft Defender for Office 365 now blocks email bombing attacks

Microsoft says its Defender for Office 365 cloud-based email security suite will now automatically detect and block email bombing attacks.

Defender for Office 365 (formerly known as Office 365 Advanced Threat Protection or Office 365 ATP) protects organizations operating in high-risk industries and dealing with sophisticated threat actors from malicious threats from email messages, links, and collaboration tools.

“We’re introducing a new detection capability in Microsoft Defender for Office 365 to help protect your organization from a growing threat known as email bombing,” Redmond explains in a Microsoft 365 message center update.

“This form of abuse floods mailboxes with high volumes of email to obscure important messages or overwhelm systems. The new ‘Mail Bombing’ detection will automatically identify and block these attacks, helping security teams maintain visibility into real threats.”

The new ‘Mail Bombing’ feature started rolling out in late June 2025 and is expected to reach all organizations by late July. It will be toggled on by default, requires no manual configuration, and will automatically send all messages identified as part of a mail bombing campaign to the Junk folder.

As the company explained over the weekend, Mail Bombing is now available to security operations analysts and administrators as a new detection type in Threat Explorer, the Email entity page, the Email summary panel, and Advanced Hunting.

In mail bombing attacks, threat actors flood their targets’ email inboxes with thousands or tens of thousands of messages within minutes, either by subscribing them to numerous newsletters or by using dedicated cybercrime services that can send a massive number of emails.
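The pattern described above (a burst of messages to one mailbox within minutes, from many unrelated senders) can be approximated over mail gateway logs with a per-recipient sliding window. This is an added example, not code from the article and not Microsoft's detection logic; the log format, thresholds, and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune against a baseline of your own mail flow.
WINDOW = timedelta(minutes=5)
MIN_MESSAGES = 200          # messages to one recipient inside WINDOW
MIN_SENDER_DOMAINS = 50     # distinct sender domains inside WINDOW

def parse_line(line):
    """Parse a constructed 'ISO-timestamp recipient sender' log line."""
    ts, recipient, sender = line.split()
    return datetime.fromisoformat(ts), recipient.lower(), sender.lower().rsplit("@", 1)[-1]

def detect_mail_bombing(lines):
    """Return {recipient: time at which both thresholds were first crossed}."""
    windows = defaultdict(deque)    # recipient -> deque of (ts, sender_domain)
    alerts = {}
    for ts, recipient, domain in sorted(map(parse_line, lines)):
        win = windows[recipient]
        win.append((ts, domain))
        while ts - win[0][0] > WINDOW:      # evict events older than the window
            win.popleft()
        if recipient in alerts:
            continue
        domains = {d for _, d in win}
        if len(win) >= MIN_MESSAGES and len(domains) >= MIN_SENDER_DOMAINS:
            alerts[recipient] = ts
    return alerts

def build_sample_log():
    """Constructed sample data: one flooded mailbox and two benign ones."""
    start = datetime(2025, 7, 1, 9, 0, 0)
    lines = []
    # Flood: 600 messages in 3 minutes from 120 distinct newsletter domains.
    for i in range(600):
        ts = start + timedelta(milliseconds=300 * i)
        lines.append(f"{ts.isoformat()} victim@example.com news@list{i % 120}.example.net")
    # Steady traffic: one message per minute, never concentrated.
    for i in range(300):
        ts = start + timedelta(minutes=i)
        lines.append(f"{ts.isoformat()} colleague@example.com bot@build.example.org")
    # High volume but a single sender (e.g. monitoring alerts): not flagged.
    for i in range(400):
        ts = start + timedelta(milliseconds=500 * i)
        lines.append(f"{ts.isoformat()} oncall@example.com alerts@monitor.example.org")
    return lines

if __name__ == "__main__":
    for rcpt, when in detect_mail_bombing(build_sample_log()).items():
        print(f"possible mail bombing: {rcpt} at {when.isoformat()}")
```

Requiring sender diversity as well as volume keeps a single noisy system, such as a monitoring mailbox, from triggering the alert.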

Usually, the attackers’ ultimate goal is to overload email security systems as part of social engineering schemes, paving the way to malware or ransomware attacks that can help exfiltrate sensitive data from victims’ compromised systems.

Email bombing has been employed in attacks by various cybercrime and ransomware groups for over a year. It started with the BlackBasta gang, which used this tactic to fill their victims’ mailboxes with emails within minutes before launching their attacks.

They would follow up with voice phishing cold calls, posing as their IT support teams to trick overwhelmed employees into granting remote access to their devices using AnyDesk or the built-in Windows Quick Assist tool.

After infiltrating their systems, the attackers would deploy various malicious tools and malware implants, enabling them to move laterally through corporate networks before deploying ransomware payloads.

More recently, email bombing has been adopted by a 3AM ransomware affiliate and cybercriminals linked to the FIN7 group, who have also spoofed IT support in social engineering attacks aimed at persuading employees to give up their credentials for remote access to corporate systems.
