A decade-old vulnerability is still driving millions of attacks across UK networks, with hackers exploiting outdated systems that have not been patched.

SonicWall's 2025 UK cyber threat data reveals a single vulnerability in widely deployed Hikvision IP cameras accounted for 67 million attack attempts nationwide, about 20% of all major intrusions detected across British networks during the entire year.

Attackers do not need sophisticated zero-day exploits when organisations leave decade-old doors wide open. The Hikvision camera vulnerability is not new, but it remains effective because too many networks have not been patched.

The gap between detection and response is critical, with intrusions often going unnoticed when teams assume systems are secure. While ransomware volume in the UK fell by 87% during 2025, the number of organisations successfully compromised actually rose by 20%, meaning attackers are hitting fewer targets but causing more damage per successful breach.

Smaller organisations are disproportionately affected, with ransomware present in 88% of SMB breaches compared to just 39% at large enterprises. The geographic concentration of these attacks is stark, with England experiencing nearly all of the UK's ransomware incidents.

The growing number of AI tools compounds the problem: bots are now generating 36,000 scans per second across UK networks, driving an 89% increase in AI-enabled attacks in 2025. Cybercriminals now combine automation with precision targeting, making it easier for them to find and exploit outdated systems at scale.

To tackle this issue, organisations should start by conducting an immediate inventory of all connected devices that may have been installed years ago and then forgotten. Every device in that inventory must be checked against known vulnerability databases, with priority given to patching any issue that has public exploit code available.

Any device that cannot be patched should be replaced with modern alternatives that receive regular security updates. Network segmentation should also be implemented to isolate legacy devices so they cannot be used as entry points to more critical systems. Firewalls must be tested regularly to ensure they are actually blocking the traffic patterns associated with known vulnerabilities, rather than merely logging them.
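The triage steps above (inventory, check against advisories, prioritise public exploit code, replace what cannot be patched, isolate legacy devices) can be expressed as a small script. This is an added example, not code from SonicWall or the article; the device names, models, firmware versions, segment names and advisory IDs are constructed placeholders.

```python
# Added example: every device, model, firmware version, segment name and
# advisory ID below is a constructed placeholder, not a real product or CVE.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Device:
    name: str
    model: str
    firmware: tuple            # installed firmware version, e.g. (5, 2, 0)
    segment: str               # network segment the device is attached to

@dataclass
class Advisory:
    advisory_id: str
    model: str
    fixed_in: Optional[tuple]  # first fixed firmware; None = no fix exists
    public_exploit: bool

def triage(devices, advisories, isolated_segment="iot-isolated"):
    """Return (priority, device, action, advisory ids), most urgent first."""
    findings = []
    for dev in devices:
        hits = [a for a in advisories if a.model == dev.model
                and (a.fixed_in is None or dev.firmware < a.fixed_in)]
        if not hits:
            continue  # firmware is at or past every fixed version
        # A device with an unfixable issue cannot be patched: replace it.
        action = "replace" if any(a.fixed_in is None for a in hits) else "patch"
        # Until then, a vulnerable device on a shared segment must be isolated.
        if dev.segment != isolated_segment:
            action += "+isolate"
        # Public exploit code moves the device to the front of the queue.
        priority = 0 if any(a.public_exploit for a in hits) else 1
        findings.append((priority, dev.name, action,
                         sorted(a.advisory_id for a in hits)))
    return sorted(findings)

INVENTORY = [
    Device("cam-lobby", "cam-model-a", (5, 2, 0), "office-lan"),
    Device("cam-carpark", "cam-model-a", (5, 5, 1), "iot-isolated"),
    Device("nvr-old", "nvr-model-b", (3, 0, 4), "office-lan"),
    Device("printer-2f", "printer-model-c", (1, 9, 0), "iot-isolated"),
]
ADVISORIES = [
    Advisory("ADV-PLACEHOLDER-1", "cam-model-a", (5, 4, 0), True),
    Advisory("ADV-PLACEHOLDER-2", "nvr-model-b", None, False),
    Advisory("ADV-PLACEHOLDER-3", "printer-model-c", (2, 0, 0), False),
]

if __name__ == "__main__":
    for row in triage(INVENTORY, ADVISORIES):
        print(row)
```

In practice the inventory would come from an asset database or discovery scan and the advisories from a vendor or national vulnerability feed.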

Organisations need to take immediate action to address these decade-old vulnerabilities and prevent further attacks.