• Nokia has just published its latest Threat Intelligence Report
• It reveals the worrying extent of the cybersecurity challenges facing telcos around the world

Cyberattacks, data breaches and other security incidents are the bane of telcos’ lives, with recent examples including the cybersecurity breach at SK Telecom, which continues to suffer the repercussions on its business to this day. 

SK Telecom’s experience should serve as a warning to the global telco community, as Nokia’s 11th annual Threat Intelligence Report shows: The new report’s findings are pretty alarming for the telecom sector as the rate of cyberattacks and other network intrusions grows.

Indeed, the Finnish vendor reports that cyberattackers are “increasingly penetrating core telecom infrastructure undetected”, while distributed denial of service (DDoS) attacks have “surged to new extremes, powered by compromised home internet connections”. 

It describes how attackers have stepped up their intrusions into core networks, in some cases reaching sensitive systems, such as subscriber data and lawful interception platforms, as seen in the high-profile Salt Typhoon case. 

Indeed, major hacking outfit Salt Typhoon has gained notoriety for breaching multiple major US telco networks, but also seems to be active in a number of countries and to be targeting companies across multiple industry sectors. 

“They often hide in plain sight by abusing trusted tools, unpatched devices and misconfigurations,” the Nokia report says. 

In particular, 63% of operators faced at least one “living off the land” attack last year, and 32% saw four or more. These types of attacks are where adversaries use legitimate tools and deep knowledge of telecom technologies to blend in and evade detection. 

Meanwhile, what Nokia describes as “terabit-scale” DDoS attacks are now a “daily reality, up from once every five days in 2024, and gigabit residential broadband connectivity is amplifying the dangers”. 

Indeed, a recent report from Netscout also noted that service providers have found themselves the main target of DDoS attacks as threat actors use them as a tool to drive geopolitical cyber warfare – see Telco DDoS threat on the rise amid geopolitical unrest. 

The Nokia report adds that DDoS peaks in the 5 Tbit/s to 10 Tbit/s range are the “new normal”, escalating faster than most alert systems can raise alarms. 

“Some 78% of DDoS attacks now end within five minutes (up from 44% in 2024), with 37% wrapping up in under two minutes, highlighting the need for rapid detection and mitigation,” the report states. 

Alarmingly, it also finds that more than 100 million residential endpoints (4% of the global total) are now available for exploits and the malicious uses of bandwidth. 

So what can operators do to fend off this rising wave of malicious and damaging attacks? Use AI and machine learning (ML), of course, with “quantum-safe networking” seen as the “next frontier”. 

In terms of AI, while more than 70% of telecom security leaders are said to prioritise AI- and machine learning-based threat analytics, and more than half plan to deploy AI for detection within 18 months, it seems that quantum computing risk “ranks second to last among concerns for network security professionals”. 

Meanwhile, telcos are advised to improve internal security measures as well as network hygiene, as insider risk, human error and misconfigurations remain major vulnerabilities. 

“Nearly 60% of high-cost breaches stem from insider actions or mistakes, with complex supply chains further increasing exposure to credential misuse, privilege escalation and physical access breaches,” the Nokia report says. 

Kal De, senior vice president of product and engineering for cloud and network services at Nokia, urges the telecom sector to “fight back through shared threat intelligence, AI-driven detection and response, and crypto-agility, turning interconnected networks from a vulnerability into a source of resilience”. 

Jeff Smith, VP and general manager at Nokia’s Deepfield business, adds that security “should not be an afterthought; rather, DDoS protection must be built into the network itself, ensuring critical network functions continue uninterrupted”. 

The Nokia Threat Intelligence Report draws on operational insights from the company’s NetGuard and Deepfield portfolios, data from managed security services operations, research from Nokia Bell Labs, cybersecurity consulting and quantum-safe networking, and insights from “160 global telecom security leaders”.

- Anne Morris, Contributing Editor, TelecomTV