Cyberattacks on Telecoms Accelerate, Driven by GenAI


Generative AI and automation are fuelling more cyberattacks on mobile operators’ infrastructure, according to a new study published by Nokia. The company, however, noted the technologies could also be used to thwart the threats.

Nokia’s tenth Threat Intelligence Report shows cybercriminals are using the technologies to increase their attacks’ speed, volume, and sophistication. Cybercriminals use large language models (LLMs) from the dark web to peruse social profiles and create smishing attacks that induce people to reveal personal information, and to scour the internet for information that makes their messages look credible.

“The hackers can also use genAI to understand telecommunications networks,” explained Rodrigo Brito, head of security, cloud, and network services at Nokia. “We have observed on the threat intelligence reports that the attacks towards mission-critical networks are now multi-staged attacks and multi-lateral attacks, so the incidents are quite difficult to solve because they are not isolated incidents.” He also noted genAI is a double-edged sword because operators and enterprises can also use it to bring large sets of disparate information together to speed incident resolutions.

In addition to genAI, quantum computing is another vector where threats are emerging. Brito said criminals are in the process of stealing encrypted data, thinking they will be able to use quantum computing to decrypt it at a later date. Brito noted another threat trend is cybercriminals targeting SoC components, exploiting vulnerabilities in software, firmware, and hardware interfaces. With security cameras, cars, and IoT devices equipped with SoCs, criminals can use botnets to infiltrate devices during a firmware update ahead of DDoS attacks.

Nokia found the number and frequency of DDoS attacks increased from one or two a day to more than 100 per day in many networks, based on traffic monitored from June 2023 to June 2024. Botnets continue to be the main source of DDoS attacks, accounting for about 60% of traffic monitored. Residential proxies have become the most-used tool for more advanced application-layer attacks. North America had the highest number of cyberattacks, largely due to the concentration and scale of telecom infrastructure and large enterprises across the US.