Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitation

A dip in ransomware volumes points to a more targeted approach focused on vulnerability exploitation

Ross Kelly's avatar
By
published
in News
AI ransomware and cyber crime concept image showing a digitized human eye observing networks with computer code.
(Image credit: Getty Images)

Cyber criminals are shifting away from high-volume “spray and pray” threat campaigns toward more targeted attacks to “maximize impact against fewer victims”.

That’s according to new research from SonicWall, which recorded a 20% increase in the number of compromised organizations across the UK last year, even as broader ransomware volumes fell by 87%.

SonicWall noted that smaller businesses are among those most likely to be targeted in “big game hunting” ransomware campaigns. Figures published by the firm show ransomware was used in 88% of SMB breaches, for example.

That marks a stark contrast to larger enterprises, in which just 39% of cases involved ransomware.

“The UK data for 2025 highlights ransomware is evolving into Big Game Hunting,” said Spencer Starkey, executive VP for EMEA at SonicWall.

“On the surface, the 87% drop in overall attack volume might look like progress, but the reality is more alarming. More organisations are being successfully hit, and attackers are doing it with far greater precision."

Targeting “zombie tech”

SonicWall noted that threat actors are prioritizing attacks on organizations with less mature security environments, but also those operating on outdated infrastructure, or “zombie tech”.

Researchers highlighted a single decade-old vulnerability in Hikvision IP cameras accounted for 67 million attempted cyber attacks in the UK alone last year, representing 20% of all intrusion activities observed by the firm.

This single case underlines the risks posed to enterprises by vulnerabilities flying under the radar, according to SonicWall – and it comes at a time when flaws are being exploited at an even quicker pace.

Around 80% of IT leaders said they believe their organisation can detect a breach within eight hours, yet SonicWall findings show attackers can remain undetected for an average of around 181 days.

Automated threats are also growing, posing even bigger challenges for security teams. AI-enabled attacks increased by 89% in 2025, researchers noted, and bots are now generating 36,000 scans per second, scouring the web for potential vulnerabilities.

“Zombie Tech continues to haunt UK networks. We’re seeing millions of attacks tied to a single long-known vulnerability, alongside continued exploitation of issues first disclosed more than a decade ago,” Starkey said.

“Threats are becoming more sophisticated at the top end, while remaining highly exploitable at the base and organizations must address both.”

FOLLOW US ON SOCIAL MEDIA

Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.

You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.

Ross Kelly
Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.

Latest
You might also like
View More ▸