Threat landscape for industrial automation systems in Q4 2025

Kaspersky’s Q4 2025 ICS threat report shows an overall decline in malicious object detections but highlights a notable global phishing campaign (“Curriculum‑vitae‑catalina”) that distributed the Backdoor.MSIL.XWorm worm via CV‑named executables, causing a 1.6× increase in worms on ICS computers (1.60% blocked). The report details regional and industry statistics, primary infection vectors (email, internet, removable media), growth in Windows executable miners and worms, and provides sector-specific visibility with Biometrics, Oil & Gas, and regions such as Southern Europe and South Asia notably affected.