Every January, we start the year with news of record-breaking attempted cyberattacks, and 2025 has been no different. Sonatype’s State of the Software Supply Chain report found 2024 to be a 10-year high in malicious software activity, with 704,102 malicious software packages discovered.
As we move into 2025, heightened efforts must be made to protect against increasingly sophisticated attacks employed by cybercriminals, particularly as the number of attack surfaces continues to expand.
For modern businesses, safeguarding operations, data and reputation is paramount. This necessitates a concerted effort to protect mobile networks, devices and the broader telecom infrastructure from an ever-evolving array of cyber threats.
In this new era, having a comprehensive awareness of your organization’s inventory – including equipment, software, and services – is essential.
An organization’s network is effectively a vast digital landscape, where every device and application represents a potential entry point for cyber adversaries. Understanding this full scope, from legacy systems to cutting-edge software stacks, is crucial for crafting a robust and effective defense strategy.
In 2025, organizations must get up to speed with the techniques of cyber attackers, as you can be sure they will have a very detailed understanding of your own estate.

Understanding Cybercriminals’ Tactics
Over the years, cybercrime has become a lucrative and increasingly sophisticated business, with some outfits even establishing their own research and development teams.
It's crucial to understand how the very first step of their planning process has evolved and to identify the weakest links in your network infrastructure.
The reconnaissance phase is a vital initial step in cyber-attacks, during which attackers gather information about their target to pinpoint potential vulnerabilities and devise their plan of attack. Various techniques are employed to get a clear picture of the target's network structure, software and personnel.
This includes technical methods like IP address pinging, which is used to identify active systems to target by determining if a server is connected and responsive; port scanning, meanwhile, identifies which ports are open and the services running on a server. LinkedIn profiles have also become a surprisingly effective asset for attackers to gather information about their targets, such as identifying individuals with escalated privileges.
Effective reconnaissance sets the stage for a successful and more impactful attack. Once attackers have a solid understanding of the target's environment and vulnerabilities, they move on to figuring out the best way to infiltrate the attack surface.
The Dynamic Nature of the Attack Surface
As the number of connected devices continues to grow, so too does the attack surface available for cybercriminals to exploit. This growth is making it trickier to defend networks, given the sheer volume of connected devices that need to be protected.
The expansion of 5G Standalone (SA) networks represents just one example; while 5G SA is pivotal to the advancement of 5G services, bringing new enterprise capabilities, the ongoing rollouts represent a further expansion of attack surfaces.
However, as the telecom landscape evolves, the decommissioning (or 'sunsetting') of older 2G and 3G networks is reducing the complexity of defense. Research from GSMA Intelligence revealed that between 2010 and Q2 2024, there were 137 network sunsets, with around 50% completed in the last three years.
This is providing an opportunity for security experts to simplify the network by reducing the number of connected systems and focusing on essential components that can help defend against attacks more effectively.
Forgotten or neglected systems, especially those from development networks or which have been acquired through mergers and acquisitions, can become attack vectors if they are still connected to the network but not properly secured.
We must remember that attackers are looking for any way to gain access to a network, including both the obvious and less obvious routes. It’s therefore never been more important to ensure that every attack surface is properly protected.
Primary Methods of Attack
Understanding the potential methods of attack is crucial if an organization is to develop an effective security strategy. While the tools in a cybercriminal’s arsenal are constantly expanding, some of the most widely deployed include:
Phishing Attacks
Perhaps the most widely known and commonly employed method to penetrate perimeter defenses, phishing is an attack vector which won’t be going away any time soon. These attacks often involve pretexting, whereby the attacker creates a fabricated scenario to manipulate individuals into divulging sensitive information.
They can take many different forms, whether it’s a message tailored to an individual through their LinkedIn profile or a mass email sent to large distribution lists in the hope that somebody will click on a malicious link.
There are various means of defense against successful phishing attacks, ranging from internal awareness campaigns for employees to layered defense systems designed to stop hackers from progressing further once they have entered. Additionally, implementing 'least privilege' schemes and security partitioning of the network can enhance protection.
Supply Chain Attacks
These attacks involve exploiting trusted relationships with service providers to gain access to their clients’ networks and systems. If an organization has a comprehensive view of its vulnerabilities as well as the vulnerabilities of the companies it works with, it will be better positioned to respond to potential cyber-attacks or stop them happening in the first place.
Attacks on Exposed Routers and Servers
These attacks target neglected and unprotected devices and networks to gain unauthorized access, disrupt services, steal sensitive data and use these compromised devices as a foothold for further attacks within the network.
Legacy equipment can use protocols with limited in-built security, such as Telnet. These exposed interfaces must be configured to use secure protocols or have additional security controls such as VPN protection to reduce the likelihood of a successful attack.
This applies to virtualized deployments in the same sense, in that bare metal compute, storage and network devices must be protected. Additionally, unused management protocols, internet services and accounts can be disabled to limit opportunities for attack.
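The checks described in this section can be run against an organization's own inventory data. The following is an added example, not part of the original article: the record format, host names, exposure labels and the protocols listed alongside Telnet are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Telnet is the protocol the article names; the others are assumed examples
# of management protocols that send credentials in cleartext.
CLEARTEXT = {"telnet", "ftp", "http", "snmpv2c"}
# Exposure labels (hypothetical) that count as an additional security control.
RESTRICTED = {"vpn-only", "out-of-band"}

@dataclass(frozen=True)
class Interface:
    host: str
    protocol: str
    exposure: str   # where the interface is reachable from
    in_use: bool    # whether operations still rely on it

def audit(known_hosts, interfaces):
    """Return (host, protocol, finding) tuples for interfaces needing action."""
    findings = []
    for i in interfaces:
        proto = i.protocol.lower()
        if i.host not in known_hosts:
            # Forgotten lab or acquired systems show up here first.
            findings.append((i.host, proto, "unmanaged: not in asset inventory"))
        if not i.in_use:
            findings.append((i.host, proto, "disable: unused management service"))
        elif proto in CLEARTEXT and i.exposure not in RESTRICTED:
            findings.append((i.host, proto,
                             "harden: cleartext protocol without VPN restriction"))
    return findings

# Constructed sample data: an inventory and the management interfaces
# observed during an internal, authorized review.
KNOWN_HOSTS = {"core-rtr-01", "oss-srv-02", "bm-compute-07"}
OBSERVED = [
    Interface("core-rtr-01", "telnet", "corporate", True),
    Interface("core-rtr-01", "ssh", "vpn-only", True),
    Interface("oss-srv-02", "snmpv2c", "vpn-only", True),
    Interface("bm-compute-07", "http", "internet", False),
    Interface("lab-rtr-99", "Telnet", "internet", True),
]

if __name__ == "__main__":
    for host, proto, finding in audit(KNOWN_HOSTS, OBSERVED):
        print(f"{host:14} {proto:8} {finding}")
```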
Attacks Against Corporate and Operational Networks
One critical security aspect is the link between the corporate and operator networks, as it provides an attack vector into the operational network. For example, a systems administrator working for a network operator will have a laptop that’s connected to the internet for their corporate email; if that network is also connected to the operational network, the organization could be at considerable risk.
Good security practices can mitigate this risk through secure networks, strong authentication and strong privileged access management. Using the example above, it would be best for the systems administrator to use separate laptops and access methods for their administrative tasks to reduce any risk to the operational network in the event their own IT network is compromised.
It Pays to be in the Know
With the number of connected devices always growing, navigating cybersecurity threats can seem like an endless battle for organizations. The GSMA has created the Mobile Cybersecurity Knowledge Base, a resource designed to help mobile network operators, equipment manufacturers, service providers and other industry stakeholders understand the potential security threats posed by mobile networks and ensure they are well-prepared against potential threats. The documents provide best practices and recommendations on topics including risk management, device security, operator network security and more.
Knowledge is power in cybersecurity, and the best defense against a potential breach is to know who you’re up against. The cyber threat landscape is constantly evolving as attackers experiment with new methods of attack.
Security teams must stay attuned to the techniques employed by attackers and analyze their own organization’s vulnerabilities if they are to get through 2025 unscathed.