Table of Contents: Statistics across all threats; Selected industries; Diversity of detected malicious objects; Main threat sources; Threat categories; Malicious objects used for initial infection; Next-stage malware; Self-propagating malware; AutoCAD malware

Authors: Kaspersky ICS CERT

Statistics across all threats

In Q3 2025, the percentage of ICS computers on which malicious objects were blocked decreased from the previous quarter by 0.4 pp to 20.1%. This is the lowest level for the observed period.

[Figure: Percentage of ICS computers on which malicious objects were blocked, Q3 2022-Q3 2025]

Regionally, the percentage of ICS computers on which malicious objects were blocked ranged from 9.2% in Northern Europe to 27.4% in Africa.

[Figure: Regions ranked by percentage of ICS computers on which malicious objects were blocked]

In Q3 2025, the percentage increased in five regions. The most notable increase occurred in East Asia, triggered by the local spread of malicious scripts in the OT infrastructure of engineering organizations and ICS integrators.

[Figure: Changes in the percentage of ICS computers on which malicious objects were blocked, Q3 2025]

Selected industries

The biometrics sector traditionally led the rankings of the industries and OT infrastructures surveyed in this report in terms of the percentage of ICS computers on which malicious objects were blocked.
Article Summaries:
- Threat landscape for industrial automation systems in Q3 2025
In Q3 2025 the proportion of industrial control system (ICS) computers on which malicious objects were blocked fell to 20.1%, the lowest level recorded in the period and a 0.4‑point decline from Q2. Regional variation was wide, from 9.2% in Northern Europe up to 27.4% in Africa. Five regions saw increases, notably East Asia, where local spread of malicious scripts in engineering OT environments drove the rise. Across seven surveyed industries, four (engineering, integrators, and manufacturing) reported higher blocking rates. Kaspersky solutions identified 11,356 distinct malware families, yet blocking of denylisted internet resources and miners slipped. Primary threat vectors remained the internet, email clients, and removable media, with malicious scripts and phishing pages leading the categories.
Sources: