
Biometrics and Building Automation Face the Most Cyberattacks in Early 2025
A recent report from the Kaspersky Industrial Control Systems Cyber Emergency Response Team (ICS CERT) found that biometrics and building automation were the most targeted operational technology (OT) industries during the first quarter of 2025. Malicious objects were blocked on 28.1% of ICS computers in the biometrics sector and on 25% of those in building automation.
Africa Tops ICS Cyberattack List with 29.6% of Systems Affected
The report showed that 21.9% of ICS computers globally had malicious objects blocked in Q1 2025. However, this rate varied significantly by region: Africa experienced the highest rate at 29.6%, while Northern Europe had the lowest at 10.7%. Between Q4 2024 and Q1 2025, the number of attacked ICS computers increased across several regions, including Russia (up 0.9 percentage points), Central Asia (0.7 p.p.), South Asia (0.3 p.p.), and Western, Northern, and Southern Europe (ranging from 0.1 to 0.2 p.p.).
Internet Remains Primary Threat Vector for OT Systems
According to Kaspersky, the internet continues to be the main channel through which cyber threats reach OT systems. In Q1 2025, threats spreading via the internet were blocked on 10.11% of ICS computers. Email clients were the second most common source (2.81%), followed by removable media (0.52%). Notably, this marks the first increase in internet-based ICS attacks since early 2023.
Advanced Malware Threats Surge Across ICS Networks
The most common threats from the internet include access to denylisted websites, malicious scripts, and phishing pages.
Malicious scripts and phishing pages remain the leading vectors for initial infection, often serving as droppers for second-stage malware such as spyware, cryptominers, and ransomware. These findings underline the need for more advanced detection systems to combat increasingly sophisticated malware campaigns.
Kaspersky’s Recommendations for Strengthening ICS Security
To mitigate the growing risks, Kaspersky experts recommend several key actions:
Conduct regular security assessments of OT systems to identify and fix vulnerabilities.
Establish continuous vulnerability management as a core security process.
Ensure timely updates and patches for all critical OT network components to prevent costly incidents.
Deploy endpoint detection and response (EDR) tools such as Kaspersky Next EDR Expert for effective detection, investigation, and resolution of threats.
Enhance team readiness by investing in specialized OT security training for both IT and operational staff.
About Kaspersky
Founded in 1997, Kaspersky is a global cybersecurity and digital privacy company with over a billion devices protected worldwide. The company leverages deep threat intelligence and expertise to develop cutting-edge solutions and services for individuals, businesses, critical infrastructure, and governments. Kaspersky’s comprehensive portfolio includes personal device protection, enterprise-grade security solutions, and innovative Cyber Immune systems designed to counter evolving digital threats.