- Decade-old vulnerabilities still causing millions of attacks on UK networks
- Hackers prefer easy targets left open by outdated, unpatched systems
- AI-powered analytics reveals weak networks at unprecedented speed and scale
Across the UK, thousands of organizations continue to operate IT systems with security vulnerabilities first identified more than a decade ago.
Cybercriminals take full advantage of this neglect and launch relentless waves of attacks against these unprotected entry points.
SonicWall’s UK cyber threat data for 2025 claims that a single vulnerability in widely deployed Hikvision IP cameras accounted for 67 million attack attempts across the country, or around 20% of all major intrusions detected on UK networks during the entire year.
Article continues below
Attackers exploit what organizations already know but don’t know
“Meanwhile, Zombie Tech continues to haunt UK networks,” said Spencer Starkey, executive vice president EMEA at SonicWall.
“We are seeing millions of attacks linked to a single, long-known vulnerability, alongside continued exploitation of issues first revealed more than a decade ago.”
Attackers don’t need sophisticated zero-day exploits when organizations are leaving decade-old doors wide open.
The Hikvision camera vulnerability is not new, but it remains effective because too many networks have not been patched.
Interestingly, around 80% of IT managers say they can detect a breach within eight hours of its occurrence. However, evidence shows that intrusions typically go unnoticed for an average of 181 days.
This gap is critical because intrusions often go unnoticed when teams assume systems are secure.
Overall, the volume of ransomware in the UK fell by 87% in 2025, but this seemingly positive statistic hides a darker trend.
The number of organizations successfully compromised actually increased by 20%, meaning attackers are hitting fewer targets but causing more damage per successful breach.
“On the surface, the 87% drop may look like progress, but the reality is more alarming,” Starkey said. “More and more organizations are being successfully hit, and attackers are doing it with much greater precision. »
Smaller organizations are disproportionately affected, with ransomware present in 88% of SMB breaches compared to just 39% in large enterprises.
The geographic concentration of these attacks is striking, with England experiencing almost all of the UK’s ransomware incidents.
London and the South East account for the vast majority of successes, reflecting where the most valuable targets are located.
The growing number of AI tools is a problem as bots now generate 36,000 scans per second on UK networks, leading to an 89% increase in AI-based attacks by 2025.
Cybercriminals now combine automation with precise targeting, making it easier to find and exploit outdated systems at scale.
What organizations should do about zombie technology
To solve this problem, organizations should start by taking an immediate inventory of all connected devices that may have been installed years ago and then forgotten about.
Each device in this inventory should be checked against databases of known vulnerabilities, with priority given to patching any issues for which public exploit code is available.
Any device that cannot be patched should be replaced with modern alternatives that receive regular security updates.
Network segmentation should also be implemented to isolate existing devices so that they cannot be used as entry points to more critical systems.
Firewalls should be tested regularly to ensure they are actually blocking traffic patterns associated with known vulnerabilities, rather than just logging them.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
