- A new feature for Microsoft Defender for Office 365 is currently being deployed
- It will send all messages identified as e-mail bombing to the Junk folder
- Most users should get it at the end of July 2025
E-mail bombing, one of the most dangerous cybercrime tactics, will now be automatically identified and mitigated in Office 365 thanks to a new update to Microsoft Defender.
The feature, which has already started rolling out and should reach most users by the end of July 2025, will send all e-mails identified as part of an e-mail bombing campaign directly to the Junk folder.
Even better, once introduced, the new feature will be enabled by default, requiring no action on the user's side.
Installation of malware
“We are presenting a new detection capacity in Microsoft Defender for Office 365 to help protect your organization from a growing threat known as e-mail bombardment,” Microsoft said in its Message Center update.
“This form of abuse floods mailboxes with high e-mail volumes to obscure important messages or submerge systems.”
E-mail bombing is a tactic in which threat actors find a victim, then send hundreds, even thousands of unwanted emails in rapid succession (usually in a few minutes or hours).
The e-mails are sent either by subscribing the victim to countless newsletters at once, or by using a dedicated cybercriminal service. In either case, the volume of messages overwhelms the inbox and confuses the victim.
The second step is to cold-call the victim, posing as a member of the IT staff, telling them that there is a company-wide problem with e-mail and asking for access to the computer via remote desktop tools.
Once the attackers have access, they can drop malware, exfiltrate passwords and other sensitive data, or deploy ransomware.
Several hacking groups have used e-mail bombing in their attacks, notably Black Basta, 3AM ransomware affiliates, and cybercriminals linked to the FIN7 group.
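The flood described above leaves a recognizable trace in mail logs: one recipient, a very high message count, and many unrelated sender domains within minutes. The following added example (not Microsoft's detection logic and not part of the original article) flags that pattern with a sliding window; the record layout, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def detect_mail_bombing(records, window=timedelta(minutes=30),
                        min_messages=100, min_sender_domains=50):
    """Return {recipient: (first_alert_time, msg_count, domain_count)}.

    records: iterable of (received: datetime, sender: str, recipient: str).
    Thresholds are illustrative assumptions; tune against your own baseline.
    """
    per_rcpt = defaultdict(deque)      # recipient -> messages inside the window
    alerts = {}
    for received, sender, rcpt in sorted(records):
        if rcpt in alerts:
            continue                   # one alert per recipient is enough
        q = per_rcpt[rcpt]
        q.append((received, sender.rsplit("@", 1)[-1].lower()))
        while q and received - q[0][0] > window:
            q.popleft()                # drop messages older than the window
        domains = {d for _, d in q}
        # Volume alone would also flag a noisy single sender; requiring many
        # distinct domains matches the mass newsletter sign-up pattern.
        if len(q) >= min_messages and len(domains) >= min_sender_domains:
            alerts[rcpt] = (received, len(q), len(domains))
    return alerts

def sample_records():
    """Constructed sample data, not real message trace output."""
    t0 = datetime(2025, 7, 1, 9, 0, 0)
    recs = []
    # Bombed user: 200 newsletter confirmations from 200 domains in ~20 min.
    for i in range(200):
        recs.append((t0 + timedelta(seconds=6 * i),
                     f"news@list{i}.example", "victim@corp.example"))
    # Noisy single sender: 150 monitoring alerts, high volume, one domain.
    for i in range(150):
        recs.append((t0 + timedelta(seconds=5 * i),
                     "alerts@monitor.example", "oncall@corp.example"))
    # Ordinary user: 10 messages spread over 10 hours.
    for i in range(10):
        recs.append((t0 + timedelta(hours=i),
                     f"peer{i}@partner{i}.example", "normal@corp.example"))
    return recs

if __name__ == "__main__":
    for rcpt, (when, n, d) in detect_mail_bombing(sample_records()).items():
        print(f"{when:%H:%M:%S} {rcpt}: {n} messages from {d} domains")
```

An alert of this kind is also a cue for the help desk to warn the affected user that an unsolicited "IT support" call may follow.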
Via BleepingComputer