New Microsoft Defender for Office 365 Tool Could Save Your Inbox from Email Bombing

Microsoft Defender for Office 365 enhances security with smart detection to combat rising email bombing threats.


Key Takeaways:

  • Microsoft Defender for Office 365 now detects and mitigates email bombing attacks.
  • The feature uses smart volume tracking and spam signals to divert suspicious messages.
  • SOC analysts can create custom rules and monitor attacks using new Defender tools.

Microsoft Defender for Office 365 has introduced a new security feature designed to protect users from email-bombing attacks. This new capability started rolling out in late June, and it’s expected to hit general availability by the end of this month.

An email bombing attack is a type of cyberattack where a target’s inbox is flooded with an overwhelming number of emails in a short period. These emails are often generated by subscribing the victim to thousands of newsletters or services using automated tools. The goal is to disrupt normal communication, hide important messages (like security alerts or fraudulent activity), or exhaust the victim’s ability to respond effectively.

According to Microsoft, attackers can now combine email bombs with social engineering, such as impersonating IT support via Microsoft Teams, Zoom, or phone calls. These hybrid attacks aim to trick the victim into granting remote access, which leads to malware installation or remote theft. These email bombing attacks often precede more serious incidents like ransomware or data exfiltration.

How does Microsoft Defender for Office 365 block email bomb attacks?

Microsoft Defender for Office 365 now includes advanced detection technology to block email bombing attacks. This feature will continue to honour safe sender lists in Outlook, and it won’t unexpectedly move emails from trustworthy sources to the Junk folder.

“By intelligently tracking message volumes across different sources and time intervals, this new detection leverages historical patterns of the sender and signals related to spam content. It prevents mail bombs from being dropped into the user’s inbox and the messages are rather sent to the Junk folder (of Outlook),” Microsoft explained.
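The idea in that description (message volume per time interval, sender history, and safe senders left untouched) can be sketched as a per-mailbox sliding-window counter. This is an added, simplified example, not Microsoft's detection logic; the class name, the 10-minute window, the threshold of 20, and all addresses are assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed time interval
BURST_THRESHOLD = 20            # assumed max first-contact messages per window


class MailBombDetector:
    """Per-mailbox burst detector (simplified; not Microsoft's algorithm)."""

    def __init__(self, known_senders, safe_senders):
        self.known = set(known_senders)  # senders with history for this mailbox
        self.safe = set(safe_senders)    # the user's safe sender list
        self.recent = deque()            # arrival times of first-contact mail

    def route(self, ts, sender):
        """Return 'inbox' or 'junk' for one message arriving at time ts."""
        if sender in self.safe or sender in self.known:
            return "inbox"  # trusted or established senders are never diverted
        # Slide the window: forget first-contact mail older than WINDOW.
        while self.recent and ts - self.recent[0] > WINDOW:
            self.recent.popleft()
        self.recent.append(ts)
        return "junk" if len(self.recent) > BURST_THRESHOLD else "inbox"


def simulate():
    """Replay a constructed flood and return (sender, verdict) pairs."""
    det = MailBombDetector(known_senders={"alerts@bank.example"},
                           safe_senders={"boss@corp.example"})
    start = datetime(2025, 7, 1, 9, 0, 0)  # constructed timestamp
    events = [(start + timedelta(seconds=2 * i), f"news@list{i}.example")
              for i in range(60)]  # 60 sign-up confirmations in two minutes
    events.append((start + timedelta(seconds=61), "alerts@bank.example"))
    events.append((start + timedelta(seconds=63), "boss@corp.example"))
    events.append((start + timedelta(hours=1), "hello@vendor.example"))
    events.sort()
    return [(sender, det.route(ts, sender)) for ts, sender in events]


if __name__ == "__main__":
    for sender, verdict in simulate():
        print(f"{verdict:5}  {sender}")
```

The bank alert that arrives mid-flood still reaches the inbox because its sender has history, which is the message an attacker using this technique is trying to bury.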

Investigation and hunting (Image Credit: Microsoft)

How to use the new Mail bombing detection technology in SOC experiences

Microsoft Defender for Office 365 customers can now see Mail bombing listed as a Detection technology in three key areas: Threat Explorer, the Email entity page, and Advanced Hunting. SOC analysts can create custom detection rules in Defender for Office 365 to monitor and respond to email bombing attacks more proactively. These rules can track the frequency and volume of email bombing attempts and automatically trigger alerts when such attacks are detected.

Microsoft notes that the new SOC experiences are gradually rolling out to all commercial customers. This feature is enabled by default and doesn’t require any manual configuration. This new detection technology helps administrators gain visibility into email bombing attacks and take quick action to protect employees within their organizations.