Q1 2026 Threat Landscape for Industrial Automation Systems Revealed

Q1 2026 Threat Landscape for Industrial Automation Systems Revealed

First seen 7 Jul 2026, 12:27 UTC Securelistics-cert.kaspersky.com 90% similarity 36.9

Article Content

Browse articles
ThreatCluster

In Q1 2026, the percentage of ICS computers on which malicious objects were blocked fell to 19.6%, the lowest in three years. This decline is attributed to various attack vectors, including phishing pages and spyware, affecting regions differently, with Africa at 27.4% and Northern Europe at 9.1%. Southern Europe saw a notable increase in threats, particularly from internet and email sources. Russia experienced a rise in blocked threats, particularly from denylisted internet resources and spyware. Biometric systems were identified as the most targeted, with 26.4% of ICS computers affected. The report highlights a downward trend in overall malicious activity across industries, with the manufacturing sector being an exception. Kaspersky's solutions blocked malware from over 10,000 different malware families during this period.

Key Points: • The percentage of ICS computers blocked by malware dropped to 19.6%, the lowest in three years. • Southern Europe experienced significant increases in internet and email threats, surpassing global averages. • Biometric systems are the most affected, with 26.4% of ICS computers encountering malicious objects.

ThreatCluster AI

Timeline

2026-07-07
Threat landscape report published
Kaspersky released its Q1 2026 report detailing the decline in blocked threats across industrial automation systems.
ics-cert.kaspersky.com
2026-07-07
Securelist report on industrial threats
Securelist published findings on the industrial automation threat landscape, echoing Kaspersky's results.
Securelist

Community

Browse all →