Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitation

Cyber criminals are shifting away from high-volume “spray and pray” threat campaigns toward more targeted attacks to “maximize impact against fewer victims”.

That’s according to new research from SonicWall, which recorded a 20% increase in the number of compromised organizations across the UK last year, even as broader ransomware volumes fell by 87%.

SonicWall noted that smaller businesses are among those most likely to be targeted in “big game hunting” ransomware campaigns. Figures published by the firm show ransomware was used in 88% of SMB breaches, for example.

That marks a stark contrast to larger enterprises, in which just 39% of cases involved ransomware.

Latest Videos From

“The UK data for 2025 highlights ransomware is evolving into Big Game Hunting,” said Spencer Starkey, executive VP for EMEA at SonicWall.

“On the surface, the 87% drop in overall attack volume might look like progress, but the reality is more alarming. More organisations are being successfully hit, and attackers are doing it with far greater precision."

Targeting “zombie tech”

SonicWall noted that threat actors are prioritizing attacks on organizations with less mature security environments, but also those operating on outdated infrastructure, or “zombie tech”.

Researchers highlighted a single decade-old vulnerability in Hikvision IP cameras accounted for 67 million attempted cyber attacks in the UK alone last year, representing 20% of all intrusion activities observed by the firm.

This single case underlines the risks posed to enterprises by vulnerabilities flying under the radar, according to SonicWall – and it comes at a time when flaws are being exploited at an even quicker pace.

Around 80% of IT leaders said they believe their organisation can detect a breach within eight hours, yet SonicWall findings show attackers can remain undetected for an average of around 181 days.

Automated threats are also growing, posing even bigger challenges for security teams. AI-enabled attacks increased by 89% in 2025, researchers noted, and bots are now generating 36,000 scans per second, scouring the web for potential vulnerabilities.

“Zombie Tech continues to haunt UK networks. We’re seeing millions of attacks tied to a single long-known vulnerability, alongside continued exploitation of issues first disclosed more than a decade ago,” Starkey said.

“Threats are becoming more sophisticated at the top end, while remaining highly exploitable at the base and organizations must address both.”

FOLLOW US ON SOCIAL MEDIA

Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.

You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.