Cyber attackers are becoming more adept at breaching telecom infrastructure, often without leaving a trace. As cyber threats escalate, Distributed Denial of Service (DDoS) attacks have reached unprecedented scales, and the demand for stronger cryptographic protection has grown more urgent, according to Nokia’s 11th annual Threat Intelligence Report. This comprehensive study highlights a worrying trend: 63% of telecom operators have faced at least one "living off the land" attack in the past year, with 32% experiencing multiple such incidents.
These attacks target critical systems like subscriber data and lawful interception platforms, taking advantage of trusted tools and unpatched devices to infiltrate networks. In some cases, infections remained dormant for years, silently waiting for the right moment to strike. One North American Chief Information Security Officer (CISO) explained, “Salt Typhoon was the most significant cybersecurity incident we faced in the last 12 months. Some of the entry points were put in place years ago, just sitting and waiting for the right moment to trigger.” These delayed breaches have led to significant data exposure and costly remediation efforts.
Meanwhile, DDoS attacks have grown far more frequent and intense. Terabit-scale attacks are now occurring five times more often than they did in 2024, with many being fueled by compromised residential broadband connections. According to Nokia’s findings, 78% of DDoS attacks are now mitigated within five minutes, with 37% concluding in under two minutes. This trend underscores the increasing need for faster detection and response mechanisms to keep networks secure.
To combat these growing threats, telecom operators are turning to Artificial Intelligence (AI) and Machine Learning (ML) to bolster their defences. More than 70% of telecom security leaders are prioritising AI-based threat analytics, with over half planning to deploy AI for threat detection within the next 18 months. As cyber threats evolve, the transition to quantum-safe encryption has also become a pressing need, as the lifespan of digital certificates shortens.
Human error and insider risks continue to be significant vulnerabilities, contributing to nearly 60% of costly breaches. Nokia’s report also reveals that 76% of vulnerabilities are due to missing patches, and application layer flaws are widespread as digital services continue to grow.
“Connectivity powers everything from public safety and financial transactions to digital identity. Recent attacks have reached lawful interception systems, leaked sensitive subscriber data, and even disrupted emergency services. The industry must fight back through shared threat intelligence, AI-driven detection and response, and crypto-agility, turning interconnected networks from a vulnerability into a source of resilience,” said Kal De, Senior Vice President of Product and Engineering at Nokia.
The report stresses the importance of taking immediate action to protect critical assets from increasingly sophisticated threats. “With the rise of industrialized attack tools, millions of unsecured IoT endpoints, and botnets using residential proxies, telecom network owners must act swiftly to shield their assets and customers from massive, complex DDoS attacks in the 10+ terabit range,” said Jeff Smith, Vice President and General Manager at Nokia Deepfield. “Security should be embedded into the network from the ground up, not an afterthought. DDoS protection must be an integral part of the network infrastructure to ensure that critical network functions remain uninterrupted.”
The Nokia Threat Intelligence Report draws on data from its NetGuard and Deepfield portfolios, insights from Managed Security Services, and research from Nokia Bell Labs. It includes contributions from 160 global telecom security leaders and provides a clear, evidence-based overview of the evolving risks to telecom networks, along with recommended strategies for building greater resilience.
** **