Cyber attackers are increasingly infiltrating core telecom infrastructure undetected, while Distributed Denial of Service (DDoS) attacks have surged to unprecedented levels, according to Nokia’s 11th Annual Threat Intelligence Report.
The report highlights how attackers are exploiting trusted systems, home broadband connections, and security misconfigurations to launch stealthy and large-scale attacks — pushing the telecom industry to adopt AI-based defenses and prepare for quantum-safe encryption.
Stealthy Intrusions Targeting Telecom Core
Attackers have intensified efforts to breach the core networks of telecom operators, reaching sensitive systems like subscriber databases and lawful interception platforms — notably seen in the Salt Typhoon incident. Many of these campaigns operate quietly for years, leveraging “living off the land” techniques that use legitimate network tools to evade detection.
63 percent of operators faced at least one such attack in the past year.
32 percent experienced four or more.
These multi-year infections have led to significant data leaks and costly remediation efforts. One North American CISO noted that the Salt Typhoon breach revealed “entry points put in place years ago, just waiting for the right moment to trigger.”
DDoS Attacks Become Shorter, Faster, and More Destructive
Nokia’s report reveals that terabit-scale DDoS attacks have become a daily occurrence, compared to once every five days in 2024.
DDoS peaks in the 5–10 Tbps range are now common.
78 percent of attacks last under five minutes, up sharply from 44 percent a year ago.
Over 100 million residential internet connections are now exploited for bandwidth abuse.
The growing prevalence of high-speed residential broadband has amplified these attacks, enabling threat actors to launch devastating DDoS campaigns in seconds.
AI Defense and Quantum-Safe Networks Take Center Stage
More than 70 percent of telecom security leaders now prioritize AI- and ML-powered threat analytics to counter evolving threats. Over half plan to deploy AI-driven detection tools within the next 18 months.
In parallel, telecom providers are being urged to accelerate crypto-agility — the ability to quickly switch encryption methods to defend against quantum computing threats. Nokia warns that digital certificate validity will shrink from over a year to just 47 days by 2029, emphasizing the need for automation and compliance readiness.
Human Error and Insider Risks Still Dominate
Despite technological advances, human and insider risks remain leading causes of telecom breaches. Nearly 60 percent of costly incidents stem from insider mistakes, privilege misuse, or misconfigurations. Moreover, 76 percent of vulnerabilities are tied to unpatched systems, while weak access controls continue to expose application layers to exploitation.
Industry Leaders Call for Built-In Security
“Connectivity powers everything from public safety to digital identity,” said Kal De, Senior Vice President of Cloud and Network Services at Nokia. “The industry must fight back through shared threat intelligence, AI-driven detection, and crypto-agility to turn interconnected networks into sources of resilience.”
Jeff Smith, Vice President and General Manager of Nokia Deepfield, added, “With the rise of industrialized attack tools and insecure IoT endpoints, DDoS protection must be built into the network itself. Only then can operators ensure continuity of critical services even under massive 10+ Tbps attacks.”
TelecomLead.com News Desk
