Attackers are now penetrating sensitive systems such as subscriber data and lawful interception platforms, often exploiting trusted tools and unpatched devices. Multi-year infections have caused significant data exposure and costly remediation, with one North American CISO stating, “Salt Typhoon was the most significant cybersecurity incident we faced in the last 12 months. … Some of the entry points were put in place years ago, just sitting and waiting for the right moment to trigger.”
Terabit-scale DDoS attacks are occurring five times more frequently than in 2024, fuelled by compromised residential broadband connections. Nokia found that 78% of DDoS attacks now end within five minutes and 37% conclude in under two minutes, underscoring the need for faster detection and mitigation.
AI-driven defences are becoming central to network protection, with more than 70% of telecom security leaders prioritising AI- and ML-based threat analytics. Over half plan to deploy AI for detection within 18 months, while the shift to quantum-safe encryption gains urgency as digital certificate lifespans fall sharply.
Insider risk and human error continue to be major vulnerabilities, responsible for nearly 60% of costly breaches. The report also highlights that 76% of vulnerabilities stem from missing patches, with application layer flaws remaining widespread as digital services expand.
“Connectivity powers everything from public safety and financial transactions to digital identity. Recent attacks have reached lawful interception systems, leaked sensitive subscriber data and disrupted emergency services. The industry must fight back through shared threat intelligence, AI-driven detection and response, and crypto-agility, turning interconnected networks from a vulnerability into a source of resilience,” said Kal De, Senior Vice President, Product and Engineering, Cloud and Network Services, Nokia.
“In light of the rise of industrialized attack tools, millions of insecure IoT endpoints and organized botnets employing residential proxies, network owners must act now to protect their assets and customers from massive, complex and highly variable DDoS attacks in the 10+ terabit range. Security should not be an afterthought; rather, DDoS protection must be built into the network itself, ensuring critical network functions continue uninterrupted,” said Jeff Smith, Vice President and General Manager, Deepfield, Nokia.
The Nokia Threat Intelligence Report combines operational data from its NetGuard and Deepfield portfolios, insights from Managed Security Services, and research from Nokia Bell Labs. Based on responses from 160 global telecom security leaders, the report provides an evidence-based overview of the evolving risks and recommended strategies to enhance resilience across critical networks.
Read Nokia Threat Intelligence Report.
