Threat Actors Ditch ‘Spray and Pray’ Attacks in Shift to Targeted Exploitation

The latest SonicWall report signals a strategic pivot in cyber‑crime tactics. Rather than flooding the internet with indiscriminate malware, threat actors are now focusing on high‑value targets, especially small and medium‑size businesses that often lack mature security controls. This "big‑game hunting" approach leverages known vulnerabilities—such as the ten‑year‑old flaw in Hikvision IP cameras—that remain unpatched across thousands of devices, enabling attackers to launch millions of automated attempts with minimal effort.

For security leaders, the data underscores the urgency of proactive vulnerability management. While 80% of IT executives believe they can detect a breach within eight hours, the average dwell time reported by SonicWall stretches to 181 days, highlighting a stark gap between perception and reality. Prioritizing patch cycles for legacy equipment, conducting regular penetration testing, and employing threat‑intelligence feeds can reduce exposure to the so‑called "zombie tech" that continues to haunt UK networks.

Compounding the challenge, AI‑enabled attacks have exploded, rising 89% in 2025, and bots now perform up to 36,000 scans per second. These automated tools accelerate the discovery and exploitation of weaknesses, forcing security teams to adopt more sophisticated, behavior‑based defenses. Organizations that invest in advanced detection platforms, zero‑trust architectures, and continuous monitoring will be better positioned to thwart the increasingly precise ransomware campaigns reshaping the threat landscape.