At the end of last year, Austria recorded the strongest increase in the proportion of ICS computers on which ransomware (factor 2.71) and malicious documents (factor 1.49) were blocked among the countries of Western Europe. Germany, on the other hand, had the highest proportion of blocked malicious documents in the Western Europe region at 0.91%, while Switzerland saw a slight increase in the proportion of spyware towards the end of the year.

Austria: e-mail as a central gateway

According to Kaspersky's analysis, Austria recorded the highest increase in the proportion of ICS computers on which ransomware and malicious documents were blocked within the Western Europe region in the fourth quarter of 2025. The value for ransomware increased by a factor of 2.71, while that for malicious documents rose by a factor of 1.49. The proportion in the category of blocked malicious scripts and phishing pages also increased by a factor of 1.35 in Austria.

In terms of the proportion of ICS computers on which threats spread via email clients were blocked, Austria also led all Western European countries with a 2.28% share - the only Western European country with an increase in this area (factor 1.34).

Email was therefore a key distribution channel - this included the "Curriculum-vitae-catalina" phishing campaign, which Kaspersky experts also identified as the biggest threat in the last quarter of 2025. The attackers sent email messages disguised as job applications that contained a malicious executable file - the Backdoor.MSIL.XWorm backdoor worm. In Western Europe, these attacks peaked in October last year.

Germany and Switzerland: malicious documents and spyware in the spotlight

Germany, on the other hand, recorded the highest proportion of ICS computers with blocked malicious documents in Western Europe at 0.91%; together with France, Germany was also at the top of the list for spyware at 1.17%. Switzerland was the only country in the region to see an increase in the proportion of ICS computers on which spyware was blocked over the course of the quarter.

"The development in Austria shows that industrial environments in German-speaking countries could become the target of targeted attacks," comments Waldemar Bergestreiser, General Manager DACH at Kaspersky. "Our analysis makes it clear that email has established itself as a frequently chosen gateway into industrial systems. Companies and organizations should therefore secure their operational technology (OT) as well as their office network (IT) with dedicated protective measures, consistently check incoming emails and rely on threat intelligence services. In addition, employees should be regularly trained in security awareness - preferably on a daily basis via micro-learning units that can realistically become part of everyday working life."

Kaspersky recommendations for protecting industrial environments:

• Carry out regular security assessments and penetration tests to identify vulnerabilities in IT and OT infrastructures at an early stage.
• Implement patch management consistently and prioritize internally exposed systems, remote access and critical components in particular.
• Strengthen email security, as phishing and malicious documents continue to be key entry vectors for attacks on industrial systems.
• Better protect authentication data, for example through multi-factor authentication, strict access controls and regular auditing of privileged accounts.
• Segment OT networks and continuously monitor data traffic between IT and OT environments.
• Use specialized security solutions such as 'Kaspersky Industrial CyberSecurity' to protect industrial control systems from malware, phishing, spyware, ransomware and other threats.
• Use up-to-date threat intelligence, such as Kaspersky's threat intelligence offerings, to stay informed about new attack techniques.