31 December, 2025

Telco security in 2025: the Kaspersky roundup

The latest Kaspersky Security Bulletin looks at what shaped telecom cybersecurity in 2025, and what is likely to persist in 2026. Advanced persistent threat (APT) activity, supply-chain compromise, distributed denial of service (DDoS) disruption and SIM-enabled fraud continued to pressure operators in 2025, while newer technology deployments introduce additional operational risk, Kaspersky said.

In 2025, telecom operators faced several broad categories of threat:

- Targeted intrusions (APT) continued to focus on gaining stealthy access to operator environments for long-term espionage and leverage through privileged network positioning. 

- Supply chain vulnerabilities remained an entry point: telecom ecosystems rely on many vendors, contractors and tightly integrated platforms, so weaknesses in widely-used software and services can provide a path into operator networks. 

- DDoS remained a practical availability and capacity problem.  

Between November 2024 and October 2025, the Kaspersky Security Network found that 12.79% of users in the telecommunications sector encountered web threats and 20.76% faced on-device threats. Over the same period, 9.86% of telecom organisations worldwide were ransomware victims.

“The threats that dominated 2025 — APT campaigns, supply chain attacks, DDoS floods — aren't going away. But now they intersect with operational risks from AI automation, quantum-ready cryptography, and satellite integration. Telecom operators need visibility across both dimensions: maintaining strong defenses against known threats while building security into these new technologies from day one. 

“The key is continuous threat intelligence that spans from endpoint to edge to orbit,” said Leonid Bezvershenko, Senior Security Researcher at Kaspersky GReAT, the company's global research and analysis team.

To reduce risk and strengthen resilience, Kaspersky experts recommend: 

- Track the APT landscape and telecom-relevant infrastructure continuously, for example through threat intelligence, which can help to monitor actor and campaign context. Pair that intelligence with regular security awareness training so employees can recognise suspicious activity and apply security policies consistently.

- Treat AI-driven network automation as a change-management programme. Keep a human override for high-impact actions, roll out in stages with clear rollback paths, and continuously validate the data feeding AI systems so noisy or manipulated inputs cannot trigger “confidently wrong” changes at scale.

- Increase DDoS readiness as a capacity-management problem. Validate upstream mitigation, protect edge routing, and monitor for congestion signals that precede customer impact. Use threat intelligence to enrich indicators and spot botnet infrastructure early.

- Deploy an endpoint detection and response (EDR) capability to detect advanced threats early, support rapid investigation, and enable effective incident containment and remediation.

Details 

Read the full telecommunications chapter of the Kaspersky Security Bulletin 2025.   
