Major new Microsoft Defender update will now block one of the most dangerous kinds of cyberattack
Microsoft Office 365 users will be protected from email bombing

- A new feature for Microsoft Defender for Office 365 is currently being rolled out
- It will send all email bombing messages to the junk folder
- Most users should get it by the end of July 2025
Email bombing, one of the more dangerous cybercrime tactics, will now automatically be identified and mitigated in Office 365 thanks to a new Microsoft Defender update.
The feature, which has already started rolling out and should reach most users by the end of July 2025, sends all emails identified as part of an email bombing campaign straight to the junk folder.
What's even better - once introduced, the new feature will be turned on by default, requiring no action from the user’s side.
Installing malware
"We're introducing a new detection capability in Microsoft Defender for Office 365 to help protect your organization from a growing threat known as email bombing," Microsoft said in its message center update.
"This form of abuse floods mailboxes with high volumes of email to obscure important messages or overwhelm systems. The new 'Mail Bombing' detection will automatically identify and block these attacks, helping security teams maintain visibility into real threats."
Email bombing is a tactic in which threat actors pick a victim and then send hundreds, or even thousands, of junk emails in quick succession (usually within minutes or hours).
The emails are sent either by subscribing the victim to countless newsletters at once, or by using a dedicated cybercriminal service. In any case, the sheer volume of messages overwhelms the inbox and confuses the victim.
The second step is to cold-call the victim, pose as a member of the IT staff, tell them there is a company-wide problem with email, and request access to the computer through remote desktop solutions.
Once the attackers gain access, they can drop malware, exfiltrate passwords and other sensitive data, or deploy ransomware.
Multiple hacking groups have been using email bombing in their attacks, including BlackBasta, 3AM ransomware affiliates, and cybercriminals linked to the FIN7 group.
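For teams that want a rough signal of their own from mail logs, here is an added example (not Microsoft's detection logic and not code from the original article) that flags a mailbox receiving a burst of messages from many unrelated sender domains inside a short window. The event layout, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

def find_mail_bombs(events, window=timedelta(minutes=30),
                    min_msgs=100, min_domains=50):
    """Flag recipients hit by a burst of mail from many unrelated senders.

    events: (timestamp, recipient, sender) tuples sorted by timestamp.
    Returns {recipient: timestamp at which both thresholds were first met}.
    Thresholds are illustrative assumptions, not vendor values.
    """
    recent = {}   # recipient -> deque of (timestamp, sender_domain) in window
    alerts = {}
    for ts, rcpt, sender in events:
        rcpt = rcpt.lower()
        domain = sender.rsplit("@", 1)[-1].lower()
        q = recent.setdefault(rcpt, deque())
        q.append((ts, domain))
        while ts - q[0][0] > window:          # drop messages older than window
            q.popleft()
        if rcpt in alerts:
            continue
        # Volume alone is not enough: a monitoring system can send hundreds of
        # alerts from one domain. Newsletter floods come from many domains.
        if len(q) >= min_msgs and len({d for _, d in q}) >= min_domains:
            alerts[rcpt] = ts
    return alerts

def constructed_sample():
    """Constructed mail-log events (not real data)."""
    t0 = datetime(2025, 7, 1, 9, 0, 0)
    ev = []
    for i in range(300):   # flood: 300 sign-up mails, 300 domains, 10 minutes
        ev.append((t0 + timedelta(seconds=2 * i),
                   "victim@corp.example", f"news@list{i}.example"))
    for i in range(150):   # noisy but benign: one monitoring sender
        ev.append((t0 + timedelta(seconds=4 * i),
                   "ops@corp.example", "alerts@monitor.example"))
    for i in range(40):    # ordinary mailbox: 40 mails over 8 hours
        ev.append((t0 + timedelta(minutes=12 * i),
                   "user@corp.example", f"p{i}@partner{i % 5}.example"))
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    for rcpt, ts in find_mail_bombs(constructed_sample()).items():
        print(f"possible email bombing: {rcpt} at {ts.isoformat()}")
```

An alert on a mailbox is also a cue for the help desk: an unsolicited "IT support" call to that user shortly afterwards matches the second step described above.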
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.