How evolving threats are redefining network defence

The threat landscape facing telecom networks continues to evolve in ways that challenge the assumptions behind earlier security models. Whereas in the past telecom providers prepared for attacks which broadly followed similar patterns, today’s adversaries operate with far greater precision, speed, and strategic intent. To protect networks against these new threats, it is crucial to understand the dominant risks now shaping telecom security. 

Silent, persistent intrusions targeting the telecom core 

Modern cyber-attacks are increasingly embedding themselves deep within network signaling paths, orchestration layers, and core infrastructure through sophisticated, infrastructure-level campaigns. In the past year, 63% of telecom providers experienced at least one so-called “living-off-the-land” intrusion and nearly a third reported four or more such incidents. These attacks allow threat actors to blend into normal operations and remain undetected for months, exploiting weak credentials and overlooked edge systems as entry points. The Salt Typhoonhttps://www.nokia.com/cybersecurity/threat-intelligence-report/ attack is one notable example of this. By exploiting long-standing entry points to compromise lawful interception systems, attackers maintained long-term, privileged access across networks in more than 80 countries. Clearly, the extent to which adversaries can now embed themselves within telecom environments has surpassed early predictions and presents a clear and complex risk to telecom networks across the world. 

Flash-crash DDoS surges 

DDoS attacks have also evolved in recent years, now becoming short-lived, multi-terabit floods capable of overwhelming traditional defenses before they can respond. Millions of insecure IoT and consumer devices now serve as high-volume botnet amplifiers, generating traffic that can exceed terabit-scale thresholds.  

Today’s attacks frequently peak at 5–10 Tbps with 78% lasting less than five minutes and 37% concluding in under two minutes. These brief, intense bursts can cause widespread service disruption, undermining network integrity and complicating recovery. In fact,  44.4% of operators rank reputational damage as the most serious consequence of a breach, surpassing both financial loss and technical impact.   

A crowded middle ground 

However, whilst stealthy intrusions and high-volume attacks clearly pose the most danger, focusing on them alone risks missing the growing “middle” of the threat landscape. Telecom providers are now also increasingly seeing ransomware targeting OSS/BSS platforms, cloud-native network functions, and many layers in between (including hybrid attacks that combine distraction with data exfiltration). These reflect a shift to multi-stage operations where attackers gain access through weak credentials or exposed devices, establish persistence, and trigger disruption only when it suits their goals. Increasingly, the aim is long‑term leverage, not immediate impact. 

Redefining resilience for modern networks 

In this complex and fast changing environment, resilience is no longer a reactive defensive posture but must be a foundational operating principle, built on operational trust, automation at scale and protection that adapts as fast as the threats themselves. For telecom providers, this means moving beyond legacy security playbooks to prioritising a set of capabilities that will strengthen the networks against both rapid attacks and long-term infiltration. In particular this means: 

• Adopting sub-minute mitigation: Shrinking attack windows demand defense mechanisms that act in real-time, at the network edge and across distributed control planes. Automated policies, AI-driven analytics, and real-time telemetry are now essential to stopping attacks within seconds. 

• Monitoring the telecom crown jewels: Continuous monitoring, explicit trust checks, and anomaly detection tailored to telecom-specific traffic patterns are essential to identifying subtle deviations that may indicate compromise. 

• Focusing on identity hygiene: Nearly 60% of high-cost breaches stem from insider errors or weak credentials. Rigorous identity hygiene, including credential rotation, strong authentication, and granular access control, remains one of the highest-impact defenses against persistent infiltration campaigns. 

• Preparing for post-quantum risks: Cryptographic demands are accelerating as certificate lifecycles shrink and quantum computing approaches. Automated certificate lifecycle management and early preparation for post-quantum cryptography will help future-proof networks against emerging cryptographic threats. 

• Shifting to AI-native security: As attack speeds continue to outpace human response times, AI becomes a cornerstone of resilient defense. Machine learning-based baselining, anomaly detection, and predictive analytics can identify both subtle, long-term intrusions and abrupt, high-volume attacks before services are impacted. Over 70% of network security leaders now prioritise AI/ML-based threat analytics for exactly this reason. 

Resilience as a continuous discipline 

Today, resilience is not about deploying a single tool or control, but instead it is about adopting an operating principle – one that shortens response times, reduces implicit trust, and automates the fundamentals attackers continue to exploit. 

The key here is prioritising resilience as a core network attribute rather than an afterthought. In a threat landscape that continues to evolve and refuses to simplify, protecting mission-critical networks means designing them to withstand both the attacks we see today and those still taking shape. Building networks that refuse to break, combining real-time defence, disciplined identity hygiene, continuous telemetry and AI-driven analytics is central to maintaining secure, reliable connectivity both now and well into the future.