Tuesday, July 1, 2025

Microsoft Defender for Office 365 now blocks email bombing attacks


Microsoft says its Defender for Office 365 cloud-based email security suite will now automatically detect and block email bombing attacks.

Defender for Office 365 (formerly known as Office 365 Advanced Threat Protection or Office 365 ATP) protects organizations operating in high-risk industries and dealing with sophisticated threat actors from malicious threats from email messages, links, and collaboration tools.

“We’re introducing a new detection capability in Microsoft Defender for Office 365 to help protect your organization from a growing threat known as email bombing,” Redmond explains in a Microsoft 365 message center update.

“This form of abuse floods mailboxes with high volumes of email to obscure important messages or overwhelm systems. The new ‘Mail Bombing’ detection will automatically identify and block these attacks, helping security teams maintain visibility into real threats.”

The new ‘Mail Bombing’ feature started rolling out in late June 2025 and is expected to reach all organizations by late July. It will be toggled on by default, requires no manual configuration, and will automatically send all messages identified as part of a mail bombing campaign to the Junk folder.

As the company explained over the weekend, Mail Bombing is now available for security operations analysts and administrators as a new detection type in Threat Explorer, the Email entity page, the Email summary panel, and Advanced Hunting.

In mail bombing attacks, threat actors flood their targets’ email inboxes with thousands or tens of thousands of messages within minutes, either by subscribing them to a large number of newsletters or using dedicated cybercrime services that can send a massive number of emails.
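A defender can approximate this volume pattern in their own mail logs. The Python sketch below is an added example, not Microsoft's detection logic or code from the original article: it flags a recipient who receives a burst of messages from many distinct sender domains inside a short window. The five-minute window, both thresholds, the function names and the sample addresses are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def find_mail_bombing(events, window=timedelta(minutes=5),
                      min_msgs=100, min_domains=50):
    """Return {recipient: (burst_start, msg_count, domain_count)} for the
    first window in which a recipient crosses both (assumed) thresholds.
    events: iterable of (timestamp, recipient, sender_address)."""
    per_rcpt = defaultdict(list)
    for ts, rcpt, sender in events:
        per_rcpt[rcpt.lower()].append((ts, sender.rsplit("@", 1)[-1].lower()))
    hits = {}
    for rcpt, msgs in per_rcpt.items():
        msgs.sort()
        win, domains = deque(), defaultdict(int)
        for ts, dom in msgs:
            win.append((ts, dom))
            domains[dom] += 1
            # Drop messages that have fallen out of the sliding window.
            while ts - win[0][0] > window:
                _, old = win.popleft()
                domains[old] -= 1
                if domains[old] == 0:
                    del domains[old]
            # Volume alone is not enough: require many distinct sender domains.
            if len(win) >= min_msgs and len(domains) >= min_domains:
                hits[rcpt] = (win[0][0], len(win), len(domains))
                break
    return hits

def sample_events():
    """Constructed sample data; none of it comes from a real incident."""
    t0 = datetime(2025, 7, 1, 9, 0, 0)
    ev = []
    # Flooded mailbox: one message per second, each from a different list domain.
    ev += [(t0 + timedelta(seconds=i), "victim@example.com",
            f"news@list{i}.example") for i in range(300)]
    # Noisy but benign: the same volume from a single monitoring sender.
    ev += [(t0 + timedelta(seconds=i), "oncall@example.com",
            "alerts@monitor.example") for i in range(300)]
    # Ordinary user: 20 messages spread across an hour.
    ev += [(t0 + timedelta(minutes=3 * i), "user@example.com",
            f"peer{i}@partner{i}.example") for i in range(20)]
    return ev

if __name__ == "__main__":
    print(find_mail_bombing(sample_events()))
```

Requiring sender-domain diversity keeps a single chatty sender, such as an alerting system, from tripping the check; thresholds need tuning against a mailbox's normal traffic.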

In most cases, the attackers’ ultimate goal is to overload email security systems as part of social engineering schemes, paving the way for malware or ransomware attacks that can help exfiltrate sensitive data from victims’ compromised systems.

Email bombing has been employed in attacks by various cybercrime and ransomware groups for over a year. It began with the BlackBasta gang, which used this tactic to fill their victims’ mailboxes with emails within minutes before launching their attacks.

They would follow up with voice phishing cold calls, posing as their IT support teams to trick overwhelmed employees into granting remote access to their devices using AnyDesk or the built-in Windows Quick Assist tool.

After infiltrating their systems, the attackers would deploy various malicious tools and malware implants, enabling them to move laterally through corporate networks before deploying ransomware payloads.

More recently, email bombing has been adopted by a 3AM ransomware affiliate and cybercriminals linked to the FIN7 group, who’ve also spoofed IT support in social engineering attacks aimed at persuading employees to give up their credentials for remote access to corporate systems.

