The Rise of 'Big Game Hunting' Cyberattacks on Major Firms

The cybersecurity landscape in 2025 has become a battlefield where traditional defences are looking increasingly obsolete against sophisticated, AI-enhanced threats.
The financial stakes have never been higher, with the average cost of a data breach now reaching US$4.88m, according to research by Recorded Future, a US-based cyber threat intelligence firm.
Looking at the bigger picture, it appears as though modern cybercrime has set its crosshairs on the biggest targets it can find. It's a phenomenon that security experts now call "big game hunting".
"The surge in cyberattacks against large enterprises in 2025 reflects an evolution in both the ambition and capabilities of attackers," explains Richard LaTulip, Field Chief Information Security Officer at Recorded Future.
This strategic shift sees threat actors deliberately targeting high-value organisations for maximum disruption and financial return.
Four converging threat trends
Security analysts have identified four distinct trends altering the threat landscape. These are:
- Ransomware evolution
- AI-enhanced attacks
- AI-enhanced social engineering
- Supply chain attacks
Firstly, ransomware has evolved from simple data breaches into attacks capable of paralysing entire businesses.
"It's no longer just about data encryption or extortion; it's about paralyzing business operations to force executive-level decisions," Richard says.
AI has become a force multiplier for attackers, driving a significant rise in credential-based attacks through automated scanning, AI-generated phishing lures and large-scale credential harvesting.
AI-enhanced social engineering now involves deepfake audio and real-time impersonation attacks targeting executives and frontline staff, enabling attackers to bypass technical controls by exploiting human trust.
Supply chain attacks are continuing to grow in scope, with attackers exploiting third-party software, developer pipelines and vendor relationships as indirect paths into well-defended enterprises. This kind of attack was visible in the recent Qantas data breach, which lost the personal details of more than six million of the airline's customers.
The group behind the attacks: Who are Scattered Spider?
Among the most concerning developments is the rise of Scattered Spider, a cybercriminal group that has redefined the threat landscape. Unlike traditional ransomware gangs, Scattered Spider operates as a decentralised, native English-speaking collective with remarkable adaptability.
"Scattered Spider aren't mere opportunistic hackers," explains Anna Collard, SVP of Content Strategy & Evangelist at KnowBe4 Africa. "They operate more like well-funded, well-organised crime syndicates."
The group's membership, some as young as 18, coordinates activities through platforms like Discord and Telegram.
Scattered Spider's primary weapons exploit human vulnerabilities. "They're agile, patient and disturbingly good at blending in. They've mastered social engineering," says Anna.
"They specialise in exploiting human trust. From vishing (voice phishing) to impersonating internal staff and triggering what's referred to as 'MFA fatigue'; they're skilled manipulators who understand both systems and people."
MFA fatigue involves bombarding an employee with repeated multi-factor authentication prompts, in the hope that they eventually tap "approve" simply to stop the interruptions.
The group's tactics include calling IT helpdesks to reset credentials, gaining access to target infrastructure and subsequently deploying ransomware-as-a-service tools.
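The MFA-fatigue pattern described above leaves a recognisable trace in authentication logs: a burst of push prompts to one account, mostly refused or timed out, ending in an approval. The detector below is an added example, not code from the article or from any product it mentions; the log format, the user names and the threshold of five prompts in ten minutes are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

THRESHOLD = 5                    # push prompts per window considered abnormal (assumed)
WINDOW = timedelta(minutes=10)   # sliding window length (assumed)

# Constructed sample auth log (not real data); one event per line: "ts user push_result"
SAMPLE_LOG = """\
2025-04-19T08:01:10Z alice denied
2025-04-19T08:01:44Z alice denied
2025-04-19T08:02:20Z alice timeout
2025-04-19T08:03:05Z alice denied
2025-04-19T08:03:50Z alice denied
2025-04-19T08:04:30Z alice approved
2025-04-19T08:05:00Z bob approved
"""

def parse(log):
    """Parse lines into sorted (timestamp, user, result) tuples; malformed lines are skipped."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, parts[1], parts[2].lower()))
    return sorted(events)

def detect_mfa_fatigue(log, threshold=THRESHOLD, window=WINDOW):
    """Return {user: verdict}: 'bombed' for a burst of prompts, or 'bombed_then_approved'
    when the burst ends in an approval after refusals (treat as likely compromised)."""
    by_user = defaultdict(list)
    for ts, user, result in parse(log):
        by_user[user].append((ts, result))
    verdicts = {}
    for user, events in by_user.items():
        start = 0
        for end in range(len(events)):
            # advance the window start until events[start..end] span at most `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = [r for _, r in events[start:end + 1]]
            if len(burst) < threshold:
                continue
            approved_after_refusals = burst[-1] == "approved" and any(r != "approved" for r in burst[:-1])
            if approved_after_refusals:
                verdicts[user] = "bombed_then_approved"
            else:
                verdicts.setdefault(user, "bombed")   # never downgrade an existing stronger verdict
    return verdicts
```

A 'bombed_then_approved' verdict is the one to route straight to incident response, since the final approval is exactly the outcome the attacker was waiting for.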
The UK retail attacks
Scattered Spider's impact became clear through their April 2025 attacks on major UK retailers. Marks & Spencer suffered losses of more than US$400m, with supply chains affected for weeks.
Beyond direct losses, more than US$1bn was stripped from the organisation's market value.
"These attacks aren't just about stolen data," explains Anna. "They took whole systems offline. In retail, downtime is a critical threat: it affects sales, customer trust and brand loyalty, instantly."
"The shelves might get restocked, but the long-term effects ripple through every part of the business," says Dustin Kluttz, Senior Cybersecurity Strategist at Cybersecure.
Global implications
The implications extend globally, particularly affecting regions undergoing rapid digital transformation. Retailers across Africa are digitally transforming with cloud-based systems, but such systems also expose businesses to attack from more angles.
High employee turnover, remote workforces and under-resourced helpdesks compound exposure risks. Security experts point to gaps in access controls, third-party risk management and cloud security as common weaknesses.
"Legacy systems, shadow IT, and poorly enforced policies create entry points," warns Anna. "Attackers don't need to break in if they can just log in."
The road ahead
"Modern cybercrime is faster, smarter, and more deceptive than ever before, and it's costly," observes Richard.
Organisations need threat intelligence that is real-time, contextual and actionable. Enterprises must shift from reactive defence to proactive security, illuminating adversary infrastructure, intent and tactics before attacks materialise.
"Train your frontline teams, especially in helpdesk and customer support. Teach them to detect manipulation. Make secure behaviour the norm, not the exception," Anna explains.
Critical questions organisations must address include whether an attacker could trick their helpdesk into a password reset and whether staff would recognise social engineering attempts.
"If the answer is 'no' to any of these, your organisation is vulnerable," warns Anna.
"But the good news is that change is possible, and fast, when you start investing in the human element."
"Cyber resilience is a collective responsibility and in an interconnected world, learning from each other's crises is one of the smartest defences we have."