Research by Nokia found generative AI (genAI) and automation are fuelling more cyberattacks on mobile operators’ infrastructure, though the company noted the technologies could also be used to thwart the threats.

Nokia’s tenth Threat Intelligence Report shows cybercriminals are using the technologies to increase the speed, volume and sophistication of their attacks.

Rodrigo Brito, head of security, cloud and network services at Nokia, told Mobile World Live criminals are using large language models (LLMs) from the dark web which do not have the same ethical measures in place as public versions.

Cybercriminals use the LLMs to peruse social profiles to create smishing attacks that induce people to reveal personal information and to scour the internet for information which makes their messages look credible.

“The hackers can also use genAI to understand telecommunications networks,” he explained.

“We have observed on the threat intelligence reports the attacks towards mission critical networks are now multi-staged attacks and multi-lateral attacks, so the incidents are quite difficult to solve because it’s not an isolated incident”.

But he noted genAI is a double-edged sword because operators and enterprises can also use it to bring large sets of disparate information together to speed incident resolutions.

Quantum
In addition to genAI, quantum computing is another vector where threats are emerging.

Brito said criminals are in the process of stealing encrypted data thinking they will be able use quantum computing to decrypt it at a later date.

He noted the US National Institute of Standards and Technology (NIST) recently standardised the first algorithms which will form components of an approach to counter the potential threats of using quantum computing to break encryption.

Brito noted another threat trend is cybercriminals targeting SoC components to exploit vulnerabilities in components including software, firmware and hardware interfaces.

With security cameras, cars and IoT devices equipped with SoCs, criminals can use botnets to infiltrate devices during a firmware update ahead of DDoS attacks.

Nokia found the number and frequency of DDoS attacks increased from one or two a day to more than 100 per day in many networks, based on traffic monitored from June 2023 to June 2024.

Botnets continue to be the main source of DDoS attacks, accounting for about 60 per cent of traffic monitored. Residential proxies have become the most-used tool for more advanced application-layer attacks.

North America had the highest number of cyberattacks, largely due to the concentration and scale of telecom infrastructure and large enterprises across the US.

The research is compiled by Nokia’s Threat Intelligence Centre, the Nokia CyberSecurity Centre, the Nokia Security Operations Centre and the Nokia Deepfield Emergency Response Team.