UK cybercriminals target zombie tech in big-game attacks

SonicWall’s 2025 UK data show cybercriminals shifted from high-volume “spray and pray” campaigns to targeted big-game hunting. The firm recorded a 20% increase in compromised organizations as overall ransomware volume dropped 87% year over year.

Smaller businesses were hit most often in these targeted campaigns. Ransomware was involved in 88% of breaches affecting small and medium-sized businesses, compared with 39% of incidents at larger enterprises, according to SonicWall’s figures.

Spencer Starkey, executive vice president for EMEA at SonicWall, warned that the fall in overall attack volume can be misleading. “On the surface, the 87% drop in overall attack volume might look like progress, but the reality is more alarming. More organizations are being successfully hit, and attackers are doing it with far greater precision,” he said.

The firm reported attackers focused on outdated or poorly maintained systems, which it calls “zombie tech.” SonicWall found a single decade-old vulnerability in Hikvision IP cameras accounted for about 67 million attempted attacks in the UK last year, representing roughly 20% of all intrusion activity it observed.

Automated and AI-enabled threats rose sharply in 2025. SonicWall recorded an 89% increase in AI-assisted attacks and estimated that automated scanners generated around 36,000 scans per second across the internet as threat actors searched for vulnerable assets.

A gap emerged between confidence and detection times. Around 80% of IT leaders surveyed reported they believed their organization could detect a breach within eight hours, while SonicWall’s data show the average attacker remained undetected for about 181 days.

SonicWall urged organizations to prioritize patching, retire unsupported technology and strengthen monitoring to address targeted attacks and large-scale automated scanning.