
The threat landscape facing telecom networks continues to evolve in ways that challenge the assumptions behind earlier security models. Whereas in the past telecom providers prepared for attacks which broadly followed similar patterns, today’s adversaries operate with far greater precision, speed, and strategic intent. To protect networks against these new threats, it is crucial to understand the dominant risks now shaping telecom security.
Silent, persistent intrusions targeting the telecom core
Modern cyber-attacks are increasingly embedding themselves deep within network signaling paths, orchestration layers, and core infrastructure through sophisticated, infrastructure-level campaigns. In the past year, 63% of telecom providers experienced at least one so-called “living-off-the-land” intrusion and nearly a third reported four or more such incidents. These attacks allow threat actors to blend into normal operations and remain undetected for months, exploiting weak credentials and overlooked edge systems as entry points. The Salt Typhoon attack (https://www.nokia.com/cybersecurity/threat-intelligence-report/) is one notable example of this. By exploiting long-standing entry points to compromise lawful interception systems, attackers maintained long-term, privileged access across networks in more than 80 countries. Clearly, the extent to which adversaries can now embed themselves within telecom environments has surpassed early predictions and presents a clear and complex risk to telecom networks across the world.
Flash-crash DDoS surges
DDoS attacks have also evolved in recent years, now becoming short-lived, multi-terabit floods capable of overwhelming traditional defenses before they can respond. Millions of insecure IoT and consumer devices now serve as high-volume botnet amplifiers, generating traffic that can exceed terabit-scale thresholds.
Today’s attacks frequently peak at 5–10 Tbps with 78% lasting less than five minutes and 37% concluding in under two minutes. These brief, intense bursts can cause widespread service disruption, undermining network integrity and complicating recovery. In fact, 44.4% of operators rank reputational damage as the most serious consequence of a breach, surpassing both financial loss and technical impact.
A crowded middle ground
However, whilst stealthy intrusions and high-volume attacks clearly pose the most danger, focusing on them alone risks missing the growing “middle” of the threat landscape. Telecom providers are now also increasingly seeing ransomware targeting OSS/BSS platforms, cloud-native network functions, and many layers in between (including hybrid attacks that combine distraction with data exfiltration). These reflect a shift to multi-stage operations where attackers gain access through weak credentials or exposed devices, establish persistence, and trigger disruption only when it suits their goals. Increasingly, the aim is long-term leverage, not immediate impact.
Redefining resilience for modern networks
In this complex and fast-changing environment, resilience is no longer a reactive defensive posture but must be a foundational operating principle, built on operational trust, automation at scale and protection that adapts as fast as the threats themselves. For telecom providers, this means moving beyond legacy security playbooks to prioritising a set of capabilities that will strengthen the networks against both rapid attacks and long-term infiltration. In particular, this means:
- Adopting sub-minute mitigation: Shrinking attack windows demand defense mechanisms that act in real-time, at the network edge and across distributed control planes. Automated policies, AI-driven analytics, and real-time telemetry are now essential to stopping attacks within seconds.
- Monitoring the telecom crown jewels: Continuous monitoring, explicit trust checks, and anomaly detection tailored to telecom-specific traffic patterns are essential to identifying subtle deviations that may indicate compromise.
- Focusing on identity hygiene: Nearly 60% of high-cost breaches stem from insider errors or weak credentials. Rigorous identity hygiene, including credential rotation, strong authentication, and granular access control, remains one of the highest-impact defenses against persistent infiltration campaigns.
- Preparing for post-quantum risks: Cryptographic demands are accelerating as certificate lifecycles shrink and quantum computing approaches. Automated certificate lifecycle management and early preparation for post-quantum cryptography will help future-proof networks against emerging cryptographic threats.
- Shifting to AI-native security: As attack speeds continue to outpace human response times, AI becomes a cornerstone of resilient defense. Machine learning-based baselining, anomaly detection, and predictive analytics can identify both subtle, long-term intrusions and abrupt, high-volume attacks before services are impacted. Over 70% of network security leaders now prioritise AI/ML-based threat analytics for exactly this reason.
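The sub-minute mitigation and baselining points above, as an added example that is not part of the original article: a constructed 10-second telemetry series containing a 90-second, 6 Tbps burst is run through an EWMA baseline detector and, for comparison, a five-minute averaging poller. The sample values, sampling interval, thresholds and function names are assumptions chosen for illustration.

```python
INTERVAL_S = 10  # assumed telemetry export interval, in seconds

def make_samples():
    """Constructed data: 30 min of ~400 Gbps with a 90 s, 6 Tbps burst at t=600 s."""
    samples = [400 + 20 * ((i * 7) % 5 - 2) for i in range(180)]  # 360..440 Gbps
    for i in range(60, 69):
        samples[i] = 6000
    return samples

def detect_bursts(samples, interval_s=INTERVAL_S, alpha=0.1, k=6.0, warmup=12):
    """Flag samples above an EWMA baseline plus k mean absolute deviations.

    The baseline is frozen while an alarm is active, so the flood itself
    cannot drag the baseline up and end the alarm early.
    Returns a list of (start_s, end_s, peak_gbps) tuples.
    """
    baseline, dev = float(samples[0]), 0.0
    events, current = [], None
    for i, rate in enumerate(samples):
        t = i * interval_s
        # Deviation floor of 5% of baseline avoids a hair-trigger on flat traffic.
        threshold = baseline + k * max(dev, 0.05 * baseline)
        if i >= warmup and rate > threshold:
            if current is None:
                current = [t, t + interval_s, rate]
            else:
                current[1] = t + interval_s
                current[2] = max(current[2], rate)
            continue  # do not learn from attack traffic
        if current is not None:
            events.append(tuple(current))
            current = None
        dev = (1 - alpha) * dev + alpha * abs(rate - baseline)
        baseline = (1 - alpha) * baseline + alpha * rate
    if current is not None:
        events.append(tuple(current))
    return events

def coarse_peak(samples, interval_s=INTERVAL_S, window_s=300):
    """Highest value a poller that averages over window_s would ever report."""
    n = window_s // interval_s
    return max(sum(samples[i:i + n]) / n for i in range(0, len(samples), n))

if __name__ == "__main__":
    data = make_samples()
    print("events:", detect_bursts(data))
    print("5-minute average peak (Gbps):", round(coarse_peak(data), 1))
```

On this series the detector opens the event on the first 10-second sample of the burst, while the five-minute average never reports more than about 2.1 Tbps of the 6 Tbps peak.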
Resilience as a continuous discipline
Today, resilience is not about deploying a single tool or control, but instead it is about adopting an operating principle – one that shortens response times, reduces implicit trust, and automates the fundamentals attackers continue to exploit.
The key here is prioritising resilience as a core network attribute rather than an afterthought. In a threat landscape that continues to evolve and refuses to simplify, protecting mission-critical networks means designing them to withstand both the attacks we see today and those still taking shape. Building networks that refuse to break, combining real-time defence, disciplined identity hygiene, continuous telemetry and AI-driven analytics, is central to maintaining secure, reliable connectivity both now and well into the future.



