- Decade-old vulnerabilities still cause millions of attacks on UK networks
- Hackers prefer easy targets that outdated, unpatched systems leave open
- AI-powered scans expose weak networks at unprecedented speed and scale
Across the UK, thousands of organizations continue to operate IT systems with security holes that were first identified over ten years ago.
Cybercriminals are taking full advantage of this negligence, launching relentless waves of attacks against these unprotected entry points.
SonicWall UK cyber threat data for 2025 states that a single vulnerability in widely deployed Hikvision IP cameras accounted for 67 million attack attempts across the country, approximately 20% of all major intrusions detected on British networks throughout the year.
Article continues below.
Attackers exploit what organizations already know but ignore
“Meanwhile, Zombie Tech continues to stalk UK networks,” said Spencer Starkey, executive vice president of EMEA at SonicWall.
“We are seeing millions of attacks tied to a single, long-known vulnerability, along with continued exploitation of issues that were first revealed more than a decade ago.”
Attackers don’t need sophisticated zero-day exploits when organizations leave decade-old doors open.
The Hikvision camera vulnerability is not new, but it is still effective because many networks have not been patched.
Interestingly, about 80% of IT leaders say they can detect a breach within eight hours of its occurrence; However, evidence shows that intrusions typically go undetected for an average of 181 days.
This gap is critical because intrusions often go undetected when teams assume systems are secure.
Overall, ransomware volume in the UK fell by 87% during 2025, but that seemingly positive statistic hides a darker trend.
The number of successfully compromised organizations actually increased by 20%, meaning attackers are attacking fewer targets but causing more damage per successful breach.
“At first glance, the 87% drop might seem like progress, but the reality is more alarming,” Starkey said. “More organizations are being successfully attacked, and attackers are doing so with much greater precision.”
Smaller organizations are disproportionately affected: ransomware is present in 88% of SMB breaches, compared to just 39% in large enterprises.
The geographical concentration of these attacks is stark, with England experiencing almost all of the UK’s ransomware incidents.
London and the South East account for the vast majority of successful attacks, reflecting where the most valuable targets are located.
The growing number of AI tools is an issue, with bots now generating 36,000 scans per second on UK networks, which will cause AI-enabled attacks to increase by 89% by 2025.
Cybercriminals now combine automation with precise targeting, making it easier for them to find and exploit outdated systems at scale.
What organizations should do when faced with the problem of zombie technology
To address this issue, organizations should start by taking an immediate inventory of all connected devices that may have been installed years ago and then forgotten.
Each device in that inventory should be compared against databases of known vulnerabilities, prioritizing fixing any issues that have publicly available exploit code.
Any device that cannot be patched should be replaced with modern alternatives that receive regular security updates.
Network segmentation should also be implemented to isolate legacy devices so that they cannot be used as entry points to more critical systems.
Firewalls should be tested periodically to ensure that they are actually blocking traffic patterns associated with known vulnerabilities, rather than just logging them.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
