Nokia has positioned itself at the forefront of telecom network security by leveraging artificial intelligence (AI) and strategic partnerships.
Nokia’s commitment to maintaining network security and efficiency, while driving telecom innovation, is evident in its multifaceted approach, combining advanced threat intelligence, machine learning (ML), and deep industry collaboration.
Through its comprehensive 2024 Threat Intelligence Report, Nokia has shed light on emerging cybersecurity threats and actionable insights, highlighting the need for a proactive, AI-driven approach to protect telecom infrastructure worldwide.
Rodrigo Brito, Head of Security at Nokia, stated, “The use of generative AI and automation for nefarious purposes is leading to a stepwise increase in malicious actors’ capabilities and threat potential. The Threat Intelligence findings further reinforce the need for operators, vendors, and regulators to work more collaboratively to develop more robust network security measures, practices, and awareness.”
The Expanding Threat Landscape in Telecom
From 2022 to 2024, Nokia’s security experts identified a significant increase in cyberattacks targeting telecom operators worldwide, including within regions like the U.S., U.K., Germany, Ukraine, and China. These attacks have often resulted in severe service disruptions, data theft, and unauthorized access to online platforms, underscoring the critical role of cybersecurity in telecom networks.
Figure 1: Distribution by region of cyberattacks against the telecom sector
In 2022, an incident involving a communications service provider (CSP) in the Asia Pacific (APAC) led to the exposure of sensitive personal information, including names, birth dates, addresses, and ID numbers. The breach was initially noticed on September 20, 2022, with conflicting claims between the CSP and an insider regarding the nature and extent of the exposure.
In 2023, another notable incident disrupted multiple services across the region, affecting customers on November 8, 2023. These incidents emphasize the persistent threat of cyber vulnerabilities within telecom infrastructures and the urgent need for communications service providers (CSPs) to adopt more robust security frameworks to protect user data and maintain service integrity across the Asia Pacific region.
The APAC region is proactively tackling its cybersecurity landscape, driven by both regional collaborations and specific national strategies. The Association of Southeast Asian Nations (ASEAN), via its ten member nations, is in the process of developing a comprehensive set of cybersecurity regulations that will be unveiled in 2025. This initiative reflects ASEAN’s commitment to strengthening cybersecurity frameworks and enhancing regional resilience in response to rising cyber threats across the telecom sector.
In addition to ASEAN's efforts, significant security measures are also evident across East Asia, where economic advancement and digital capabilities have led to substantial cyber activity, drawing the attention of cybercriminals. Nokia’s recent initiatives emphasize using AI and strategic partnerships to bolster telecom security, including through collaborations in East Asia, as part of a wider regional approach to address cybersecurity vulnerabilities.
Moreover, regulatory bodies within the Asia Pacific are intensifying their oversight, with countries like Singapore imposing strict Quality of Service (QoS) requirements through the Infocomm Media Development Authority (IMDA). These regulations, along with Australia's Security of Critical Infrastructure Act 2022, underscore a regional shift towards stronger cybersecurity governance.
Global Security Strategy
In 2024, a coordinated law enforcement effort targeting the LockBit ransomware group dismantled its network, seized cryptocurrency assets, and neutralized a significant threat to telecom networks worldwide. This cooperation highlights the importance of information sharing between the public and private sectors to prevent cyberattacks and enhance resilience against future threats.
Nokia also collaborates with CSPs and industry experts, including its Advanced Consulting Services, Cybersecurity Consulting, and Nokia Bell Labs, to develop quantum-safe networks and prepare for the future of quantum computing. As quantum technologies advance, traditional encryption methods will become more vulnerable, making it essential for Nokia to innovate and invest in quantum-safe solutions.
The threat intelligence report highlights the GSMA Mobile Threat Intelligence Framework (MoTIF) as an essential tool for CSPs, enabling them to systematically address and mitigate security risks across mobile networks, from 2G to 5G. MoTIF focuses on adversary tactics, techniques, and procedures (TTPs) specific to mobile threats, covering critical areas like roaming, SMS, and VoIP. By integrating with the STIX framework, MoTIF enhances interoperability, helping CSPs proactively address malware and phishing while safeguarding both network integrity and customer trust.
Meanwhile, the 2023 discovery of GTPDOOR malware, linked to the LightBasin group, underscores the necessity of vigilant monitoring and advanced security strategies. This malware, concealed within standard traffic, has compromised multiple telecom providers globally, highlighting the importance of multi-layered defense strategies against evolving threats.
In parallel, system-on-chip (SoC) technology, critical for 5G and IoT advancements, has become a new focus for cybercriminals. These integrated circuits, despite boosting performance and reducing power use, create expanded vulnerabilities. CSPs must adopt robust encryption, access controls, and AI-driven threat mitigation to safeguard against potential SoC-based attacks.
As SoCs integrate multiple functions onto a single chip, they increase device performance and efficiency but also broaden the attack surface. Cybercriminals now frequently target vulnerabilities within SoC components such as firmware, software, and hardware interfaces, resulting in potential unauthorized access, data theft, and system compromise.
The widespread adoption of connected devices, particularly in IoT, has accelerated SoC attacks. IoT devices, often focused on cost-effectiveness, may lack robust security measures, making them attractive targets. The consequences can be severe: an attack on SoC-based controllers in critical infrastructure could disrupt energy grids or transport systems, while compromised SoCs in automotive systems could lead to unauthorized vehicle control.
Furthermore, DDoS attacks continued to surge in 2024, with a 166% increase in DDoS traffic year over year (YoY), primarily driven by the rise in insecure IoT devices. Multi-vector strategies and DNS amplification remain common, while other vectors like NTP and CLDAP amplification are declining. Botnets also pose a serious threat, with 60% of botnet DDoS attacks involving fewer than 100 bots. Carpet-bombing DDoS attacks, targeting multiple IPs, grew in scope, with some impacting thousands of IP addresses.
A shift towards shorter attack durations emphasizes the need for rapid, automated response. Attack sophistication has increased, often employing AI for adaptive targeting. AI-driven DDoS attacks saw a significant rise in 2024, marking a new era of advanced threat capabilities.
A Focused Approach to IT and Telecom Network Security
Telecom networks require unique security strategies compared to conventional IT security due to their extensive infrastructure and critical role in communication. Nokia recognizes the dual needs of CSPs, who must secure both enterprise IT systems and telecom network infrastructure. By converging IT and telecom security under a single Chief Information Security Officer (CISO), CSPs can adopt a unified approach to protect both domains effectively. In Nokia’s model, advanced AI-driven tools and expert-led threat intelligence form a crucial foundation, enabling CSPs to address both IT-specific and network-specific vulnerabilities.
Table 1: IT security versus telecom network security
The potential impact of network security breaches can be severe, with consequences that extend to public safety, service availability, and even national security. Nokia’s commitment to securing telecom networks through AI and strategic partnerships exemplifies its understanding of the unique requirements of this sector. For example, eavesdropping, signaling storms, and roaming interface attacks could lead to service disruptions affecting millions, whereas IT security breaches generally result in data theft and financial losses. Nokia’s approach ensures comprehensive security for both telecom network infrastructure and user data, protecting both CSPs and their customers.
At Nokia’s global security operation centers, telecom experts manage over 360,000 incidents annually, including triaging more than 3,500 security issues and addressing over 20 critical global incidents across SOCs in the APAC, EU, MEA, and Americas regions. Monthly, these teams track hundreds of security incidents, with the Endpoint Detection and Response (EDR) team monitoring comparable volumes every six months. This extensive, continuous monitoring provides valuable insights into evolving security trends and identifies the strategies needed to address them effectively.
How CSPs Are Tackling Cybersecurity Challenges
Telecom operators are navigating a rapidly changing cybersecurity landscape shaped by the pressing need to manage evolving threats and meet government regulations. Compliance is increasingly viewed as a baseline requirement rather than a differentiator. However, proactive threat management remains crucial, with 34% of CSPs identifying it as a primary driver of their security strategies.
Figure 2: Most important factors driving CSPs' security strategy
Effective risk management is revolutionizing how CSPs allocate their cybersecurity budgets. Over 60% of survey respondents ranked risk management as a top priority, surpassing the 50% who focused on regulatory compliance. This shift underscores the recognition that effectively identifying and mitigating risks is vital not just for compliance but also for robust security and operational resilience. As threats become more sophisticated and regulations tighten, prioritizing risk management enables CSPs to proactively address vulnerabilities and protect their assets.
The role of the CISO is evolving to encompass both enterprise IT and telecom networks. Insights from the 2023 Nokia-commissioned TM Forum report indicate that 71% of respondents now have a single CISO or Chief Security Officer (CSO) overseeing both domains, exemplified by operators like Telefónica, KPN, and TELUS.
Despite these advancements, there remains a critical gap in continuous threat monitoring within the telecom infrastructure sector compared to enterprise IT environments. Effective threat monitoring is essential for reducing insider threats and enhancing data protection. By gaining full visibility into data access across their networks, CSPs can better defend against both internal and external threats. Investment priorities include Extended Detection and Response (XDR) and Security Orchestration, Automation, and Response (SOAR), with 51% of CSPs prioritizing these technologies to establish robust, automated defenses against evolving cybersecurity threats.