Those are among the key findings from the GSMA’s eighth Mobile Telecommunications Security Landscape report, which analyses security developments across the sector during 2025. Speaking about the report, Samantha Kight, head of industry security at the GSMA, says the data shows both a rise in attacks and a changing profile of adversaries.
“We’ve seen an increase in attacks and reports on attacks in the last year, particularly,” Kight says. The report draws on open-source monitoring as well as information shared by operators and industry groups through the GSMA’s security initiatives.
While the report examines six major areas of risk, Kight highlights three trends that stand out this year: the democratisation of attacks, the growth of pre-positioning tactics, and the persistent problem of weak cyber hygiene.
The ‘democratisation’ of cyber attacks
One of the most notable developments is that the barriers to launching telecom-related attacks are falling.
“We’re seeing a real increase in the democratisation of attacks,” Kight explains. “Essentially, the bar has been lowered for how easy it is for adversaries to carry out these attacks.”
Tools that were once limited to sophisticated actors are becoming widely available online. In particular, Kight points to the growing accessibility of tools such as SMS blasting platforms, which can be used in large-scale scams and spam campaigns.
“We’ve seen more access, easier access, to the likes of SMS blasters,” she says, noting that this increased availability is contributing to higher levels of fraud and disruption across the industry.
AI is also playing a role in lowering the barrier to entry. While AI is not the sole driver of attacks, it is making certain techniques, particularly social engineering, easier to deploy at scale.
“I think AI is helping,” Kight says. “It’s just made it more accessible to people.”
Tools powered by AI can help generate convincing phishing messages or automate scam campaigns, allowing less technically skilled actors to launch attacks that once required more specialist capabilities.
Attackers staying longer inside networks
Another major trend identified in the report is the rise of pre-positioning attacks, where adversaries infiltrate networks and remain undetected for extended periods while gathering intelligence.
“We’ve seen an increase of that as well, particularly in the last year,” Kight says.
Rather than immediately launching disruptive activity, attackers may quietly monitor systems and map network structures before carrying out an operation. This approach, sometimes associated with “living off the land” tactics, allows adversaries to exploit legitimate tools already present in the environment.
Once attackers have gathered enough information, they can strike at a time that maximises impact.
However, Kight stresses that operators are increasingly adopting proactive defences designed to detect such behaviour earlier.
“A lot of operators have the technology to be able to find that,” she says. “Proactive threat hunting should help support that.”
Threat hunting, the practice of actively searching for suspicious activity within networks, has become an important capability for telecom security teams trying to detect intrusions before they escalate.
The overlooked basics
Despite the sophistication of some attacks, Kight says that many security incidents still stem from relatively simple issues.
“The mobile estate is very complex,” she explains, pointing to the coexistence of multiple generations of technology and large amounts of legacy equipment.
This complexity can make it difficult for operators to maintain consistent security practices across the entire network environment. As a result, fundamental tasks such as patching or aligning with established standards can sometimes be overlooked.
“Sometimes the basics can get overlooked because organisations are trying to prioritise some of the biggest threats,” Kight says.
Ensuring compliance with GSMA and 3GPP security standards remains a critical step in reducing exposure, she adds.
“We’ve seen a rise in things like ransomware and issues where patching hasn’t happened, or standards haven’t been followed.”
Will AI favour attackers or defenders?
The rapid development of AI is raising questions across the cybersecurity industry about whether it will ultimately benefit attackers or defenders.
Kight remains cautiously optimistic that defensive capabilities will ultimately prevail.
“I always like to think that it will favour the defenders,” she says.
AI has already become an important tool in threat detection and network monitoring, allowing security teams to analyse large volumes of data and identify suspicious patterns more quickly. At the same time, attackers are also using AI to refine scams and social engineering tactics.
“There’s been a lot of AI used in social engineering and scams,” Kight says, describing this as one of the most visible impacts so far.
However, despite the rising number of attacks, she says the overall rate of successful compromises has not necessarily increased at the same pace.
“Yes, the number of attacks has risen,” she says, “but I don’t know whether the number of compromises has suddenly exceeded what it was before.”
Sharing intelligence across the industry
A key element of the report is the collaborative way in which the data is gathered.
The GSMA monitors open-source intelligence but also collects anonymised data from operators through its Telecommunications Information Sharing and Analysis Centre (T-ISAC) and its long-running Fraud and Security Group.
“We gather information from operators through the information sharing and analysis centre,” Kight explains. “They share what they’re seeing, and we anonymise it and use examples in the report.”
The Fraud and Security Group also contributes insights from specialists working directly on telecom networks.
“They have a wealth of knowledge and expertise,” Kight says. “They’re really the leaders in the industry protecting our networks.”
Supply chain awareness – but ongoing complexity
Supply chain security has been a major theme of telecom cybersecurity discussions for several years, and Kight believes the industry has developed a strong awareness of the risks.
“I think telcos understand that very well,” she says.
However, the complexity of telecom infrastructure, spanning legacy hardware, modern software-defined networks and multiple vendors, means risk management across the supply chain remains challenging.
“It’s hard to explain how complex it is when you’re looking at the network, the legacy systems and the new software-defined networks,” Kight says. “There are a lot of different teams having to coordinate to protect telecom infrastructure.”
The human factor
Despite the technological sophistication of modern networks, Kight believes the biggest vulnerability may still be people.
“If we’re talking about the biggest risk, I’d say humans,” she says.
Human error, social engineering and phishing attacks continue to be major sources of security incidents. Even experienced professionals can occasionally fall victim to well-timed or well-crafted messages.
“The human factor is probably the weakest link,” Kight says.
Because of this reality, she argues that operators must adopt what is often called an “assume breach” mindset.
“I don’t think anyone in the security world will ever say we’re fully covered in every area,” she says. “You just have to assume that something will go wrong and try to minimise the risk as much as possible.”
Security now a board-level issue
One encouraging development is that telecom security is receiving far more attention at senior levels of organisations.
“10 years ago, it was quite a fight for security teams to get attention from the board,” Kight says.
Today, the critical role of mobile connectivity in society, from emergency services to everyday communication, has made cybersecurity a strategic priority.
“People’s phones are their lifelines,” she says. “The board is fully aware of the need to ensure people are connected, but also that it’s done securely.”
As the telecom industry continues to evolve, Kight believes collaboration across the ecosystem will remain essential to tackling emerging threats.
“The industry is very aware of the challenges,” she says. “It’s about staying constantly alert to the risks and working together to reduce them.”
RELATED STORIES
UK data centres are now national security targets
Capacity Europe 2026
The 24th anniversary edition of Capacity Europe 2025 will bring together 3,500+ decision-makers from the global connectivity and digital infrastructure community.
