The global cybersecurity company Kaspersky announced on the 13th that malware was discovered and blocked on 21.9% of industrial control system (ICS) computers worldwide in the first quarter of 2025.
According to the latest report released by Kaspersky's Industrial Control Systems Cyber Emergency Response Team (ICS CERT), attacks occurred across all regions of the world, with Northern Europe the lowest at 10.7% and Africa the highest at 29.6%. From the fourth quarter of 2024 to the first quarter of 2025, the percentage of ICS computers on which malware was blocked increased in Russia (up 0.9 percentage points), Central Asia (up 0.7 percentage points), South Asia (up 0.3 percentage points), Western Europe (up 0.2 percentage points), Northern Europe (up 0.1 percentage points), and Southern Europe (up 0.1 percentage points).
By industry, the biometrics sector faced the most attacks, with malware blocked on 28.1% of ICS computers. It was followed by building automation at 25%, power facilities at 22.8%, construction facilities at 22.4%, process equipment at 21.7%, oil and gas facilities at 17.8%, and manufacturing at 17.6%.
At the beginning of 2025, the OT cyber threat environment remained diverse, with internet-based threats continuing to pose major cyber risks to OT computers. Internet-based threats were blocked on 10.11% of ICS computers, followed by email clients at 2.81% and removable media at 0.52%. The most common types of malware were malicious scripts, phishing pages, and blocked internet resources.
Lee Hyo-eun, head of Kaspersky Korea, said, "Korea is a leading country in smart manufacturing and digital transformation, but as a result, OT-based infrastructure is increasingly exposed to more sophisticated threats." She further noted, "Attackers are now combining malware and social engineering to target industrial systems, particularly biometric systems and smart factories." She added, "Security responses must now shift from post-incident responses to proactive threat detection, and for this, continuous OT monitoring, specialized personnel training, and supply chain protection are essential."
Evgeny Goncharov, head of ICS CERT, stated, "In the first quarter of 2025, the proportion of ICS computers attacked due to malware spread via the internet increased for the first time since 2023," adding, "The main types of internet-based threats are blocked resources, malicious scripts, and phishing pages. In particular, malicious scripts and phishing pages are most commonly used for initial ICS infections, serving as droppers for installing subsequent malware." He emphasized, "The increase in internet-based attacks targeting ICS suggests the need for the adoption of advanced threat detection technologies capable of responding to sophisticated malicious attacks."