TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

IT Pro

Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitation

Ross Kelly · 2026-04-24 · Read original ↗

ATT&CK techniques detected

4 predictions
T1486Data Encrypted for Impact
85%
“threat actors ditch ‘ spray and pray ’ attacks in shift to targeted exploitation threat actors ditch ‘ spray and pray ’ attacks in shift to targeted exploitation a dip in ransomware volumes points to a more targeted approach focused on vulnerability exploitation cyber criminals a…”
T1588.006Vulnerabilities
75%
“an average of around 181 days. automated threats are also growing, posing even bigger challenges for security teams. ai - enabled attacks increased by 89 % in 2025, researchers noted, and bots are now generating 36, 000 scans per second, scouring the web for potential vulnerabili…”
T1588.006Vulnerabilities
36%
“attack volume might look like progress, but the reality is more alarming. more organisations are being successfully hit, and attackers are doing it with far greater precision. " targeting “ zombie tech ” sonicwall noted that threat actors are prioritizing attacks on organizations…”
T1589.001Credentials
34%
“- the rise of teen hackers ‘ makes for a good headline ’, but cyber crime activities peak later in life news with family responsibilities and mortgages to pay, it ' s not teenagers dishing out malware or carrying out cyber extortion - ransomware gangs are using employee monitorin…”

Summary

A dip in ransomware volumes points to a more targeted approach focused on vulnerability exploitation