Full Report
This quarter, Australia and New Zealand rank first in growth of the email client threat indicator.
Analysis Summary
# Industry News: ANZ Region Faces Unprecedented Surge in Industrial Email Threats
## Summary
The Kaspersky ICS CERT report for Q3 2025 reveals that Australia and New Zealand (ANZ) have experienced the highest global growth in email client threat indicators within industrial automation environments. This surge highlights a shifting tactical focus by threat actors targeting Operational Technology (OT) sectors through traditional IT entry points.
## Key Details
- **Date:** December 23, 2025
- **Companies Involved:** Kaspersky (ICS CERT), Industrial Automation entities in ANZ
- **Category:** Market Analysis / Threat Intelligence
## The Story
In Q3 2025, the industrial sector in Australia and New Zealand emerged as a primary focus for cyber-attacks delivered by email. While global industrial threats fluctuate, ANZ took the top spot for the growth rate of malicious email attachments and phishing links detected on Industrial Control Systems (ICS) computers.
This trend suggests that attackers are increasingly bypassing sophisticated network perimeters to exploit the "human element" within industrial firms. By targeting email clients on workstations that manage or communicate with automated systems, threat actors are attempting to gain an initial foothold that can be leveraged for lateral movement into sensitive production environments.
## Business Impact
### For the Companies Involved
- **Kaspersky:** Strengthens its position as a specialized authority in the ANZ market, potentially driving demand for its ICS-specific security suite.
- **Industrial Firms:** Must reassess insurance premiums and compliance posture as the regional risk profile rises.
### For Competitors
- **Strategic Pressure:** Other global security vendors (e.g., Claroty, Dragos, Palo Alto Networks) will need to pivot their marketing and threat intelligence resources toward the ANZ region to compete with Kaspersky’s hyper-local insights.
### For Customers
- **Operational Risk:** Increased likelihood of ransomware or data exfiltration leading to production downtime.
- **Investment Shift:** Budget reallocations from physical security or general IT security toward specialized OT email protection and employee awareness training.
### For the Market
- **Regional Focus:** The ANZ region is no longer a "quiet" sector for industrial cybercrime; it is now a frontline testing ground for targeted email-based campaigns.
## Technical Implications
The report highlights a trend toward "living-off-the-land" (LotL) tactics, where malicious scripts or documents are delivered via email to execute in-memory, avoiding traditional signature-based detection on ICS computers. The integration of IT and OT networks continues to be the primary vulnerability, as email—an IT service—becomes a direct vector into automation control loops.
## Strategic Analysis
- **Market Positioning:** This data positions Kaspersky as a key partner for critical infrastructure providers in the South Pacific.
- **Competitive Advantage:** Firms that adopt "Zero Trust" for email communications in OT environments will gain a significant resilience advantage over peers.
- **Challenges:** The geographical isolation of ANZ no longer provides a "security by obscurity" buffer. The main challenge is the shortage of skilled OT security professionals in the region to address these rising threats.
## Industry Reactions
- **Analyst Opinions:** Analysts suggest that the ANZ surge may be linked to regional geopolitical tensions or the high concentration of high-value mining and energy assets in the area.
- **Market Response:** There is an expected uptick in local government mandates for stricter reporting of "near-miss" email-based ICS incidents.
## Future Outlook
- **Predictions:** Expect a wave of "spear-phishing" campaigns specifically tailored to industrial engineering roles, using technical jargon to increase success rates.
- **What to watch for:** Regulatory updates from the Australian Signals Directorate (ASD) and NZ's NCSC regarding mandatory email security standards for critical infrastructure.
## For Security Professionals
Cybersecurity practitioners in the ANZ industrial sector should prioritize:
1. **Air-gapping or Restricting Email:** Ensure that workstations with direct control over PLC/SCADA systems do not have active email clients.
2. **Advanced Threat Protection (ATP):** Implement sandboxing for all email attachments entering the industrial network.
3. **Specific Training:** Conduct phishing simulations that use industrial-themed lures (e.g., "Updated Safety Protocols" or "Equipment Maintenance Schedules").