Critical networks face unprecedented threat as DDoS attacks are getting shorter and more intense

Attackers have stepped up their intrusions into core networks, according to Nokia's 11th annual Threat Intelligence Report

The number of DDoS attacks on critical networks has reached an all-time high, fuelled by vast numbers of compromised home internet connections.

Attackers have stepped up their intrusions into core networks, according to Nokia's 11th annual Threat Intelligence Report.

In some cases, attackers are accessing sensitive systems such as subscriber data and lawful interception platforms – for example, in the high-profile Salt Typhoon case.

"Connectivity powers everything from public safety and financial transactions to digital identity," said Kal De, senior vice president, product and engineering, cloud and network services at Nokia.

"Recent attacks have reached lawful interception systems, leaked sensitive subscriber data, and disrupted emergency services."

Most telecom operators, 63%, dealt with at least one 'living off the land' attack last year, with 32% seeing four or more.

DDoS attacks, meanwhile, are getting shorter and more intense. Terabit-scale DDoS attacks are now happening five times more frequently, and with greater peak strength than last year. DDoS peaks in the 5 to 10Tbps range are 'the new normal', said Nokia.

And with 78% of DDoS attacks now ending within five minutes – up from 44% in 2024 – and 37% wrapping up in under two minutes, detection and mitigation need to be fast.

Nearly 60% of high-cost breaches take place thanks to insider actions or mistakes, with complex supply chains further increasing exposure to credential misuse, privilege escalation and physical access breaches.

Meanwhile, 76% of vulnerabilities stem from missing patches, and application‑layer issues, including poor access controls and exploitable software flaws, are common too.

Organizations are fighting back with AI, with more than seven-in-ten telecom security leaders saying they now prioritize AI- and ML-based threat analytics, and with more than half planning to deploy AI for detection in the next 18 months.

However, warned Nokia, despite upcoming quantum security compliance deadlines from governing bodies – particularly in the EU – the industry doesn't have the sense of urgency that it should. Quantum computing risk ranked second to last among concerns for network security professionals.

Meanwhile, the validity period of digital certificates is shrinking dramatically, from the current year or more to just 47 days by 2029 – highlighting a need for automated certificate management.

In all, said Nokia, around 100 million residential endpoints are compromised – 4% of the world total – making DDoS protection essential.

"In light of the rise of industrialized attack tools, millions of insecure IoT endpoints and organized botnets employing residential proxies, network owners must act now to protect their assets and customers from massive, complex and highly variable DDoS attacks in the 10-plus terabit range," said Jeff Smith, vice president and general manager, Deepfield, at Nokia.

"Security should not be an afterthought; rather, DDoS protection must be built into the network itself, ensuring critical network functions continue uninterrupted."

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.