Microsoft Defender for Office 365 Enhances Protection Against Email Bombing Attacks

Microsoft has announced that its Defender for Office 365 will now automatically detect and block email bombing attacks, a growing threat that floods inboxes with excessive emails to obscure important messages and overwhelm systems.

Microsoft Defender for Office 365 Enhances Protection Against Email Bombing AttacksMicrosoft Defender for Office 365 Enhances Protection Against Email Bombing Attacks

This new feature, introduced in late June 2025, is designed to protect organizations, especially those in high-risk industries, from malicious email threats. The 'Mail Bombing' detection capability will be enabled by default, requiring no manual setup, and will automatically redirect suspected emails to the Junk folder.

Email bombing attacks involve cybercriminals inundating targets with thousands of emails in a short time, often using subscription services or dedicated cybercrime tools. The goal is to overload email security systems, facilitating subsequent malware or ransomware attacks.

Microsoft Defender for Office 365 Enhances Protection Against Email Bombing AttacksMicrosoft Defender for Office 365 Enhances Protection Against Email Bombing Attacks

This tactic has been used by various cybercrime groups, including the BlackBasta gang, which employed email bombing to distract victims before launching attacks. More recently, it has been adopted by affiliates of the 3AM ransomware group and the FIN7 organization, who use social engineering techniques to trick employees into granting remote access to corporate systems.

With this new detection capability, Microsoft aims to help security teams maintain visibility and protect against these sophisticated threats.