Microsoft says its Defender for Office 365 cloud-based email security suite will now automatically detect and block email bombing attacks.

Defender for Office 365 (formerly known as Office 365 Advanced Threat Protection or Office 365 ATP) protects organizations that operate in high-risk industries and deal with sophisticated threat actors against malicious threats from email messages, links, and collaboration tools.

"We're introducing a new detection capability in Microsoft Defender for Office 365 to help protect your organization from a growing threat known as email bombing," Redmond explains in a Microsoft 365 message center update.

As the company explained over the weekend, Mail Bombing is now available for security operations analysts and administrators as a new detection type in Threat Explorer, the Email entity page, the Email summary panel, and Advanced Hunting.

In mail bombing attacks, threat actors flood their targets' email inboxes with thousands or tens of thousands of messages within minutes, either by subscribing them to a large number of newsletters or by using dedicated cybercrime services that can send a massive number of emails. In most cases, the attackers' ultimate goal is to overload email security systems as part of social engineering schemes, paving the way to malware or ransomware attacks that can help exfiltrate sensitive data from victims' compromised systems.

Email bombing has been employed in attacks by various cybercrime and ransomware groups for over a year. More recently, email bombing has been adopted by a 3AM ransomware affiliate and cybercriminals linked to the FIN7 group, who have also spoofed IT support in social engineering attacks aimed at persuading employees to give up their credentials for remote access to corporate systems.
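The flooding pattern this article describes (a burst of messages to one inbox within minutes, often from many newsletter senders) can be screened for in exported message-trace data. The following is an added example, not Microsoft's detection logic or code from the article; the thresholds, the event tuple layout, and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune them against your own mail-flow baseline.
WINDOW = timedelta(minutes=10)
MIN_MESSAGES = 200        # messages to one recipient inside WINDOW
MIN_SENDER_DOMAINS = 50   # distinct sender domains inside WINDOW

def find_mail_bombs(events, window=WINDOW, min_messages=MIN_MESSAGES,
                    min_domains=MIN_SENDER_DOMAINS):
    """events: iterable of (iso_timestamp, recipient, sender_address), any order.
    Returns {recipient: (window_start, message_count, distinct_domains)} for
    the first sliding window in which a recipient trips both thresholds."""
    parsed = sorted(
        (datetime.fromisoformat(ts), rcpt.lower(), sender.rsplit("@", 1)[-1].lower())
        for ts, rcpt, sender in events
    )
    recent = defaultdict(deque)                       # recipient -> (ts, domain)
    domains = defaultdict(lambda: defaultdict(int))   # recipient -> domain -> count
    alerts = {}
    for ts, rcpt, domain in parsed:
        if rcpt in alerts:
            continue
        queue, counts = recent[rcpt], domains[rcpt]
        queue.append((ts, domain))
        counts[domain] += 1
        # Drop messages that have aged out of the sliding window.
        while ts - queue[0][0] > window:
            _, old = queue.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        # Volume alone is not enough: a single noisy sender (monitoring,
        # ticketing) is high volume but low sender diversity.
        if len(queue) >= min_messages and len(counts) >= min_domains:
            alerts[rcpt] = (queue[0][0], len(queue), len(counts))
    return alerts

def sample_events():
    """Constructed sample data, not real mail logs."""
    t0 = datetime(2025, 6, 30, 9, 0, 0)
    events = []
    for i in range(300):
        burst = (t0 + timedelta(seconds=i)).isoformat()
        slow = (t0 + timedelta(minutes=2 * i)).isoformat()
        events.append((burst, "victim@corp.example", f"news@list{i % 100}.example"))
        events.append((burst, "oncall@corp.example", "alerts@monitor.example"))
        events.append((slow, "normal@corp.example", f"peer@partner{i % 100}.example"))
    return events

if __name__ == "__main__":
    for rcpt, (start, count, ndomains) in find_mail_bombs(sample_events()).items():
        print(f"{rcpt}: {count} messages from {ndomains} domains since {start}")
```

Requiring sender diversity as well as volume keeps a legitimate single-source burst, such as the constructed `oncall@corp.example` alert stream, from being flagged.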
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 30 Jun 2025 16:05:21 +0000