Critical networks face stealthy intrusions, record-breaking DDoS attacks and rising cryptographic demands, according to Nokia study

Press Release
Critical networks face stealthy intrusions, record-breaking DDoS attacks and rising cryptographic demands, according to Nokia study

Nearly 2 in 3 telecom operators experienced at least one “living off the land” attack the past 12 months, and 32% saw four or more.
Terabit-scale DDoS attacks are happening five times more frequently and with greater peak strength, as 4% of the world’s home internet connections are compromised; some 37% of DDoS attacks now end within two minutes.
More than 70% of telecom security leaders now prioritize AI- and ML-based threat analytics, and over half plan to deploy AI for detection within 18 months.

8 October 2025
Espoo, Finland – Cyber attackers are increasingly penetrating core telecom infrastructure undetected; DDoS attacks have surged to new extremes, powered by compromised home internet connections; and crypto agility is moving from roadmap to requirement, according to Nokia's 11th annual Threat Intelligence Report.

Stealthy campaigns now target the telco core
Attackers have stepped up their intrusions into core networks, in some cases reaching sensitive systems such as subscriber data and lawful interception platforms, as seen in the high-profile Salt Typhoon case. They often hide in plain sight by abusing trusted tools, unpatched devices and misconfigurations.

63% of operators faced at least one “living off the land” attack last year; 32% saw four or more.
Multi-year, low-profile infections have led to major data exposure and forced operators into costly remediation, highlighting the business and reputational risks of long-term, privileged access.
As the CISO from one leading CSP in North America said, “Salt Typhoon was the most significant cybersecurity incident we faced in the last 12 months. … Some of the entry points were put in place years ago, just sitting and waiting for the right moment to trigger.”

DDoS attacks are shorter and more powerful
Terabit-scale DDoS attacks are now a daily reality, up from once every five days in 2024, and gigabit residential broadband connectivity is amplifying the dangers.

DDoS peaks in the 5 to 10 Tbps range are the “new normal,” escalating faster than most alert systems can raise alarms.
Some 78% of DDoS attacks now end within five minutes (up from 44% in 2024), with 37% wrapping up in under two minutes, highlighting the need for rapid detection and mitigation.
Over 100 million residential endpoints (4% of the global total) are now available for exploits and malicious uses of bandwidth.

AI is now central to defense, and quantum-safe networking is the next frontier
More than 70% of telecom security leaders now prioritize AI- and ML-based threat analytics, and over half plan to deploy AI for detection within 18 months — a direct response to stealthy attacks and rapid DDoS campaigns. In a similar sense, telcos also need to adopt automated certificate management and encryption that’s ready for the quantum future.

The timespan in which digital certificates remain valid is shrinking dramatically, from currently over a year to just 47 days by 2029.
Despite upcoming compliance deadlines from governing bodies — particularly in the European Union — the industry’s sense of urgency is low: Quantum computing risk ranks second to last among concerns for network security professionals.

Insider risk, human error and misconfigurations remain major vulnerabilities
Nearly 60% of high-cost breaches stem from insider actions or mistakes, with complex supply chains further increasing exposure to credential misuse, privilege escalation and physical access breaches.

Hygiene gaps still open doors too, as 76% of vulnerabilities stem from missing patches.
Application‑layer issues, including poor access controls and exploitable software flaws, remain prevalent as digital services expand.

“Connectivity powers everything from public safety and financial transactions to digital identity. Recent attacks have reached lawful interception systems, leaked sensitive subscriber data and disrupted emergency services. The industry must fight back through shared threat intelligence, AI-driven detection and response, and crypto-agility, turning interconnected networks from a vulnerability into a source of resilience,” said Kal De, Senior Vice President, Product and Engineering, Cloud and Network Services, Nokia.

“In light of the rise of industrialized attack tools, millions of insecure IoT endpoints and organized botnets employing residential proxies, network owners must act now to protect their assets and customers from massive, complex and highly variable DDoS attacks in the 10+ terabit range. Security should not be an afterthought; rather, DDoS protection must be built into the network itself, ensuring critical network functions continue uninterrupted,” said Jeff Smith, Vice President and General Manager, Deepfield, Nokia.

About the report
The Nokia Threat Intelligence Report draws on operational insights from the company’s NetGuard and Deepfield portfolios, real-world data from Managed Security Services operations, advanced research from Nokia Bell Labs, and expertise in cybersecurity consulting and quantum-safe networking. These are complemented by fresh quantitative and qualitative insights from 160 global telecom security leaders, providing a nuanced, evidence-based view of the risks and responses shaping the sector. The report includes a comprehensive set of recommendations spanning threat detection and response, AI adoption, DDoS mitigation, regulatory compliance, quantum readiness and more, to help telecom operators strengthen resilience across their networks.

About Nokia
At Nokia, we create technology that helps the world act together.

As a B2B technology innovation leader, we are pioneering networks that sense, think and act by leveraging our work across mobile, fixed and cloud networks. In addition, we create value with intellectual property and long-term research, led by the award-winning Nokia Bell Labs, which is celebrating 100 years of innovation. 

With truly open architectures that seamlessly integrate into any ecosystem, our high-performance networks create new opportunities for monetization and scale. Service providers, enterprises and partners worldwide trust Nokia to deliver secure, reliable, and sustainable networks today – and work with us to create the digital services and applications of the future.

Multimedia, technical information and related news
Web Page: Cybersecurity
Web Page: XDR Security
Product Page: Stop botnets and DDoS attacks with AI-driven defense
Product Page: Deepfield Defender | Advanced DDoS Security by Nokia
Byline: Managing cybersecurity amid the quest for autonomous networks

Media inquiries
Nokia Press Office
Email: Press.Services@nokia.com

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.