Kaspersky ICS CERT's Q4 2025 threat report reveals that 19.7% of industrial automation computers had malicious objects blocked, continuing a multi-year downward trend. A notable feature of the quarter was a global phishing campaign distributing the Backdoor.MSIL.XWorm worm via fake CV emails targeting HR staff, which spread in two waves across all regions in October and November. Worms and Windows executable miners were the only threat categories to increase. Internet-based threats hit their lowest level since early 2023, while email clients remained a persistent threat vector. Africa showed the highest regional infection rate at 27.3%, while Northern Europe remained the lowest at 8.5%. The oil and gas sector saw an uptick in blocked threats, though all surveyed industries show a long-term downward trend.

From securelist.com