Attackers have intensified their intrusions into core networks, in some cases reaching sensitive systems such as subscriber data and lawful interception platforms, as seen in the high-profile Salt Typhoon case. They often hide in plain sight by exploiting trusted tools, unpatched devices, and misconfigurations.
63% of operators faced at least one "living off the land" attack last year; 32% suffered four or more.
Low-profile infections that have persisted for years have resulted in significant data exposure and forced operators to undertake costly remediation efforts, highlighting the business and reputational risks associated with long-term privileged access.
As the CISO of one of North America's leading CSPs stated, "Salt Typhoon was the most significant cybersecurity incident we've faced in the past 12 months. ... Some of the entry points were installed years ago, waiting for the right moment to activate."
DDoS attacks are shorter and more powerful.
Terabit-scale DDoS attacks are now an everyday reality, up from one every five days in 2024, and gigabit residential broadband connectivity is amplifying the dangers.
DDoS spikes in the 5-10 Tbps range are the "new normal," escalating faster than most alert systems can sound the alarm.
Around 78% of DDoS attacks now end within five minutes (up from 44% in 2024), and 37% in less than two minutes, highlighting the need for rapid detection and mitigation.
More than 100 million residential endpoints (4% of the global total) are now available for exploits and malicious bandwidth use.
AI is now fundamental to defense, and secure quantum networks are the next frontier.
More than 70% of telecom security leaders now prioritize AI-based threat analysis and machine learning, and more than half plan to deploy AI for detection within 18 months as a direct response to stealth attacks and rapid DDoS campaigns. Telecom companies must also adopt automated certificate management and quantum-ready encryption.
The validity period of digital certificates is being drastically reduced, from more than a year currently to just 47 days in 2029.
Despite upcoming compliance deadlines from regulatory bodies, especially in the European Union, the sense of urgency within the sector is low: the risk of quantum computing ranks second to last among the concerns of network security professionals.
Insider risks, human error, and misconfigurations remain significant vulnerabilities.
Nearly 60% of high-cost breaches are due to internal actions or errors, and complex supply chains further increase exposure to credential misuse, privilege escalation, and physical access breaches.
Hygiene deficiencies also continue to create openings, with 76% of vulnerabilities resulting from a lack of patches.
Application-layer issues, including weak access controls and exploitable software flaws, remain prevalent as digital services expand.
“Connectivity drives everything from public safety and financial transactions to digital identity. Recent attacks have compromised lawful interception systems, leaked sensitive subscriber data, and disrupted emergency services. The industry must fight back by sharing threat intelligence, AI-powered detection and response, and crypto agility, transforming interconnected networks from a vulnerability into a source of resilience,” said Kal De, senior vice president of Product and Engineering, Cloud and Network Services at Nokia.
“In light of the rise of industrialized attack tools, millions of insecure IoT endpoints, and organized botnets employing residential proxies, network owners must act now to protect their assets and customers from massive, complex, and highly variable DDoS attacks in the range of more than 10 terabits. Security should not be an afterthought; DDoS protection must be built into the network itself, ensuring that critical network functions continue uninterrupted,” said Jeff Smith, Vice President and General Manager of Deepfield, Nokia.
