VYPR
researchPublished Jul 7, 2026· 1 source

Industrial Automation Systems Face Declining but Persistent Threats in Q1 2026

Kaspersky's latest report indicates a three-year low in blocked malware on industrial control systems, though specific regions and sectors, particularly biometric systems, continue to experience significant threats.

Kaspersky's Q1 2026 Industrial Threat Report reveals a notable decrease in malicious objects targeting industrial control systems (ICS), with the percentage of affected computers dropping to 19.6%. This figure represents the lowest point in three years, marking a significant decline from previous periods and indicating a potential shift in threat actor focus or improved defensive measures within the industrial sector.

Despite the overall downward trend, regional disparities persist. While Northern Europe saw the lowest attack percentages, Africa experienced the highest. Notably, Southern Europe, Northern Europe, and Russia observed an increase in blocked malicious objects. Southern Europe, in particular, led in the growth of internet and email threats, alongside a surge in spyware and malicious script activity, suggesting a localized intensification of cyber threats.

Biometric systems continue to be the most targeted industry, with 26.4% of ICS computers experiencing blocked malware. This sector's high exposure is attributed to its reliance on internet connectivity, extensive email usage for operational processes, and often, less stringent cybersecurity controls. The prevalence of email threats in biometric systems even surpasses internet threats, highlighting a critical vector for compromise.

The manufacturing sector also saw a slight increase in blocked malware, primarily driven by activity in Western Europe, Northern Europe, and Russia. This suggests that while overall threats may be declining, specific industries remain attractive targets for malicious actors, necessitating continued vigilance and tailored security strategies.

Malicious scripts and phishing pages (JS and HTML) remained a significant threat category, with a global average of 6.56% of ICS computers affected. Southern Europe showed a substantial increase in this area, particularly impacting biometric and building automation systems. Spyware, despite a general decrease, maintained its position as the second-most prevalent threat category, with notable increases observed in Southern Europe and Russia, impacting sectors like biometric systems and oil and gas.

Denylisted internet resources also saw an uptick, particularly in Southeast Asia and within the electric power and construction industries. This indicates a continued effort by attackers to leverage compromised websites and malicious links to infiltrate industrial networks. The report also noted a slight increase in AutoCAD malware, suggesting targeted attacks against design and engineering workflows.

Overall, the Q1 2026 landscape for industrial automation systems presents a complex picture. While a general reduction in blocked malware is encouraging, the persistent and, in some cases, increasing threats in specific regions and industries like biometric systems underscore the ongoing need for robust cybersecurity measures. The continued prevalence of phishing, spyware, and malicious web resources highlights the importance of user education and network-level defenses.

The findings emphasize that the threat landscape is dynamic, with attackers adapting their tactics. Organizations within the industrial sector must remain vigilant, focusing on understanding their specific risk profiles and implementing comprehensive security strategies to counter evolving threats.

Synthesized by Vypr AI