New Email Bombing Protection Rolls Out in Microsoft Defender for Office 365
A hacker attacks companies through the email inbox-with thousands of messages in one fell swoop. Microsoft is now responding to such scenarios with a new protective mechanism in Defender for Office 365, which recognizes and ward off attacks.
Microsoft arms up
From now on, Microsoft Defender automatically detects so-called email bombing attacks, in which corporate networks in particular are to be paralyzed with a massive flood of emails. A particularly perfidious tactic is hidden behind the harmlessly sounding term: the mailboxes of their targets flood with thousands of emails within a very short time.
Defender for Office 365 stops email flood
This is often done by mass registrations for newsletters or with the help of criminal bot services. The aim of the overload is to disguise important messages, to confuse security mechanisms – and in the worst case to create a back entrance for malware or ransomware.
Invisible protection that applies on its own
The new identification function in Defender for Office 365 is gradually rolled out and should be available for all corporate customers by the end of July (via Merill Fernando). The function works completely automatically, a manual configuration is not required. In the future, striking floods of email land directly in the junk folder before you can do damage.
Security managers can find the new protective function in the Threat Explorer, in the email overview window and in the “Advanced Hunting” tool. There you get an insight into running mail bombing campaigns and can react faster to real dangers. The distribution of auto detection has started. The introduction is expected to be completed at the end of July.
We introduce a new identification function in Microsoft Defender for Office 365 to protect your company from a growing threat, the so-called email bombing. In this form of abuse, mailboxes with large amounts of emails are flooded in order to disguise important messages or overload systems. The new “Mail Bombing” recognition automatically identifies and blocks these attacks and helps security teams to keep an overview of real threats. Microsoft Message Center ID 1096885
Old stitch, new perpetrator
The first documented attacks of this kind are enough according to that Online magazine Bleeping Computer By the way, a year back. Infographic Cyber Security: E-mails remain the greatest security risk. The Ransomware group Blackbasta, which specifically flooded with spam, was particularly noticeable-and then replaced by phone. In fictitious IT support talks, the perpetrators managed to manipulate stressed employees by attacking.
Then follows the next trick, which should be better known: via long-distance maintenance tools such as Anydesk or Windows Quick Assist, they gained access to the systems-and installed spy software or blackmail trojans unnoticed. In the meantime, tactics are also in use in other groups such as the author of the 3 AM-Ransomware or the notorious Fin7 group. They also camouflage themselves as technical helpers to capture passwords and access data.
Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.
