- A new feature for Microsoft Defender for Office 365 is currently rolling out
- It will send all email bombing messages to the Junk folder
- Most users should receive it by the end of July 2025
Email bombing, one of the most dangerous cybercrime tactics, will now be automatically identified and mitigated in Office 365 thanks to a new Microsoft Defender update.
The feature, which has already begun rolling out and should reach most users by the end of July 2025, will send every email identified as part of an email bombing campaign straight to the Junk folder.
Even better: once introduced, the new feature will be enabled by default, requiring no action on the user's side.
Malware installation
“We are introducing a new detection capability in Microsoft Defender for Office 365 to help protect your organization from a growing threat known as email bombing,” Microsoft said in its Message Center update.
“This form of abuse floods mailboxes with high volumes of email to obscure important messages or overwhelm systems. The new ‘mail bombing’ detection will automatically identify and block these attacks, helping security teams maintain visibility into real threats.”
Email bombing is a tactic in which threat actors pick a victim and then send them hundreds, or even thousands, of emails in rapid succession (usually within minutes or hours).
The emails are generated by subscribing the victim to countless newsletters at once, or by using a dedicated cybercriminal service. Either way, the sheer volume of messages overwhelms the inbox and confuses the victim.
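The burst described above has a recognisable shape from the defender's side: one mailbox suddenly receives far more mail than usual, and the mail comes from many unrelated senders rather than from one busy thread. The following is an added example (not Microsoft's detection logic and not part of the original article) of a simple sliding-window detector over constructed message-tracking records; the three-field log format, the thresholds and the mailbox names are all assumptions chosen for the illustration.

```python
"""Sliding-window detector for email-bombing bursts (added example, not product code).

Each record is assumed to be "<ISO timestamp> <recipient> <sender>" on one line.
A mailbox is flagged when, inside the look-back window, it receives at least
MIN_MESSAGES messages from at least MIN_DISTINCT_SENDERS different senders.
The second threshold keeps a legitimately busy thread (many mails, few senders)
from being mistaken for a bombing run.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # look-back window per mailbox (assumed value)
MIN_MESSAGES = 20                # messages inside the window to count as a burst
MIN_DISTINCT_SENDERS = 10        # the burst must also come from many senders


@dataclass
class BurstAlert:
    recipient: str
    window_start: datetime
    window_end: datetime
    message_count: int
    distinct_senders: int


def parse_line(line):
    """Split one constructed log record into (timestamp, recipient, sender)."""
    ts_text, recipient, sender = line.split()
    return datetime.fromisoformat(ts_text), recipient.lower(), sender.lower()


def detect_bursts(lines, window=WINDOW, min_messages=MIN_MESSAGES,
                  min_senders=MIN_DISTINCT_SENDERS):
    """Return {recipient: BurstAlert} for every mailbox that crosses both thresholds."""
    recent = defaultdict(deque)   # recipient -> deque of (ts, sender) within the window
    alerts = {}
    for raw in lines:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        ts, recipient, sender = parse_line(raw)
        q = recent[recipient]
        q.append((ts, sender))
        # Evict records that have fallen out of the look-back window.
        while q and ts - q[0][0] > window:
            q.popleft()
        senders = {s for _, s in q}
        if len(q) >= min_messages and len(senders) >= min_senders:
            alert = alerts.get(recipient)
            if alert is None:
                alerts[recipient] = BurstAlert(recipient, q[0][0], ts, len(q), len(senders))
            else:
                # The burst is still running: extend the alert instead of re-raising it.
                alert.window_end = ts
                alert.message_count = max(alert.message_count, len(q))
                alert.distinct_senders = max(alert.distinct_senders, len(senders))
    return alerts


def build_sample_log():
    """Constructed sample traffic for three mailboxes (not real data):
    - alice: 60 newsletter confirmations from 60 senders in three minutes (a bombing run)
    - bob:   one mail every five minutes from three colleagues (ordinary traffic)
    - carol: 25 mails in eight minutes, but from only two teammates (a busy thread)
    """
    base = datetime(2025, 7, 1, 9, 0, 0)
    lines = []
    for i in range(60):
        ts = base + timedelta(seconds=3 * i)
        lines.append(f"{ts.isoformat()} alice@example.com list{i}@newsletter{i}.example")
    for i in range(8):
        ts = base + timedelta(minutes=5 * i)
        lines.append(f"{ts.isoformat()} bob@example.com colleague{i % 3}@example.com")
    for i in range(25):
        ts = base + timedelta(seconds=20 * i)
        lines.append(f"{ts.isoformat()} carol@example.com teammate{i % 2}@example.com")
    return sorted(lines)   # ISO timestamps sort chronologically as strings


if __name__ == "__main__":
    for alert in detect_bursts(build_sample_log()).values():
        print(f"{alert.recipient}: {alert.message_count} messages from "
              f"{alert.distinct_senders} senders between "
              f"{alert.window_start:%H:%M:%S} and {alert.window_end:%H:%M:%S}")
```

Only alice's mailbox is flagged: bob never exceeds a handful of messages per window, and carol's thread crosses the volume threshold but not the distinct-sender threshold. In a real deployment the thresholds would be tuned per tenant, and the alert would feed a quarantine or Junk-routing action rather than a print statement.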
The second step is to cold-call the victim, pose as a member of the IT staff, tell them there is a company-wide problem with email, and request access to their computer through a remote desktop solution.
Once the attackers gain access, they can drop malware, exfiltrate passwords and other confidential data, or deploy ransomware.
Multiple hacking groups have used email bombing in their attacks, including Black Basta, 3AM ransomware, and cybercriminals linked to the FIN7 group.
Via BleepingComputer