Major New Microsoft Defender Update Will Block One of the Most Dangerous Kinds of Cyberattack
Microsoft has announced a major update to its Defender security suite, which will now automatically block one of the most notorious types of cyberattacks: email bombing. The new feature is already rolling out and should reach most users by the end of July 2025.
Email bombing is a tactic in which threat actors flood a victim's inbox with hundreds or thousands of junk emails in quick succession, overwhelming their mailbox and confusing them. This can be done by subscribing the victim to countless newsletters at once or by using a dedicated cybercriminal service. The attackers' goal is to overwhelm the inbox and then gain access to the victim's computer, often through cold calls in which they pose as IT staff members.
The attack sequence typically goes like this: the attackers send an initial wave of emails, which can be accompanied by a series of phone calls claiming that there's a company-wide problem with emails. Once they gain access, they can drop malware, exfiltrate passwords and sensitive data, or deploy ransomware. Multiple hacking groups have used email bombing in their attacks, including BlackBasta, 3AM ransomware affiliates, and cybercriminals linked to the FIN7 group.
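The volume pattern described above (a sudden burst of mail to one mailbox from many unrelated senders) can be flagged from mail-flow logs. The following is an added example, not Microsoft's detection logic and not code from the original article; the function names, thresholds and sample events are assumptions made for illustration.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

def detect_mail_bombs(events, window=timedelta(minutes=10),
                      min_msgs=100, min_domains=50):
    """Return {recipient: time of first alert}.

    events: iterable of (timestamp, recipient, sender), sorted by timestamp.
    Thresholds are illustrative assumptions, not Microsoft's values.
    """
    recent = defaultdict(deque)     # recipient -> (timestamp, domain) inside window
    domains = defaultdict(Counter)  # recipient -> sender-domain counts inside window
    alerts = {}
    for ts, rcpt, sender in events:
        dom = sender.rsplit("@", 1)[-1].lower()
        q, c = recent[rcpt], domains[rcpt]
        q.append((ts, dom))
        c[dom] += 1
        # Drop messages that have aged out of the sliding window.
        while ts - q[0][0] > window:
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        # Require both volume and sender diversity, so that one noisy
        # sender (for example a monitoring system) does not trigger.
        if rcpt not in alerts and len(q) >= min_msgs and len(c) >= min_domains:
            alerts[rcpt] = ts
    return alerts

def sample_events():
    """Constructed sample data: three mailboxes on one morning."""
    t0 = datetime(2025, 7, 1, 9, 0, 0)
    ev = []
    for i in range(20):   # ordinary mailbox: one message every 20 minutes
        ev.append((t0 + timedelta(minutes=20 * i), "alice@example.com",
                   f"peer{i % 5}@partner.example"))
    for i in range(200):  # single noisy sender: 200 messages in 5 minutes
        ev.append((t0 + timedelta(seconds=1.5 * i), "ops@example.com",
                   "alerts@monitor.example"))
    for i in range(300):  # subscription flood: 300 messages from 300 domains
        ev.append((t0 + timedelta(hours=1, seconds=i), "bob@example.com",
                   f"news@list{i}.example"))
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    for rcpt, ts in detect_mail_bombs(sample_events()).items():
        print(f"{ts.isoformat()} possible mail bombing: {rcpt}")
```

An alert of this kind is also a cue to warn the affected user that unsolicited "IT support" calls may follow.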
Microsoft's new detection capability is designed to help protect organizations from this growing threat. The 'Mail Bombing' detection will automatically identify and block these attacks, helping security teams maintain visibility into real threats. According to Microsoft, once introduced, the new feature will be turned on by default, requiring no action from the user's side.
"We're introducing a new detection capability in Microsoft Defender for Office 365 to help protect your organization from a growing threat known as email bombing," said Microsoft in its message center update. "This form of abuse floods mailboxes with high volumes of email to obscure important messages or overwhelm systems. The new 'Mail Bombing' detection will automatically identify and block these attacks, helping security teams maintain visibility into real threats."
With this new feature, users can rest assured that their organization's email accounts are better protected against such malicious activities.