Full Report
This quarter, Australia and New Zealand ranked first in terms of the growth in the percentage of ICS computers on which web miners were blocked.
Analysis Summary
# Industry News: ANZ Region Sees Global Surge in Industrial Web Mining Threats
## Summary
In Q4 2025, Australia and New Zealand (ANZ) recorded the highest global growth rate for web miners blocked on Industrial Control Systems (ICS) computers. This trend highlights a significant shift in the regional threat landscape, as attackers increasingly target industrial infrastructure for resource hijacking and illicit cryptocurrency mining.
## Key Details
- **Date:** April 30, 2026 (Reporting on Q4 2025 Data)
- **Companies Involved:** Kaspersky ICS CERT, various industrial sector entities in ANZ
- **Category:** Market Analysis / Threat Intelligence
## The Story
The latest intelligence from Kaspersky ICS CERT reveals that the ANZ region has moved to the forefront of global industrial security concerns. While historical focus has been on data theft or sabotage, the data shows a surge in "web miners"—scripts that run in browsers to harness the CPU power of industrial machines. This quarter, ANZ outperformed all other regions in the *growth rate* of these detections on ICS-integrated computers. This suggests that the region's industrial sector may be viewed by threat actors as a ripe, under-defended environment for resource-based monetization.
## Business Impact
### For the Companies Involved
- **Operating Costs:** Unauthorized mining significantly increases electricity consumption and wear-on-hardware for industrial operators.
- **System Reliability:** Resource hijacking can cause latency in critical monitoring systems, potentially leading to operational outages.
### For Competitors
- **Differentiator Opportunity:** Managed Service Providers (MSPs) and security vendors focusing on the ANZ region can leverage this data to justify increased investments in endpoint protection tailored for industrial environments.
### For Customers
- **Supply Chain Risk:** Industrial customers may face delays or increased costs if their providers' automation systems are degraded by cryptojacking activities.
### For the Market
- **Regional Shift:** The data indicates that ANZ is no longer a peripheral target for low-level cybercrime; it is now a primary testing ground for automated resource-hijacking campaigns.
## Technical Implications
Web miners are often delivered via compromised websites or through malicious advertisements (malvertising) accessed by ICS operators. In industrial settings, these miners compete for system resources with Human-Machine Interfaces (HMIs) and SCADA software. The technical risk involves "browser-based persistence" where mining continues as long as an operator's browser remains open, even on air-gapped-adjacent systems that occasionally sync with the internet.
## Strategic Analysis
- **Market Positioning:** Security firms with strong "Detection and Response" (EDR) for industrial endpoints will gain a stronger foothold in the ANZ market.
- **Competitive Advantage:** Firms that offer "low-overhead" security agents (which do not further strain the CPU) will have a distinct advantage in this "resource-sensitive" climate.
- **Challenges:** The primary obstacle is the aging infrastructure in many ANZ industrial sites, which may not support modern security telemetry needed to detect stealthy miners.
## Industry Reactions
- **Analyst Opinions:** Analysts note that the surge in ANZ suggests a localized "gap" in browser-security hygiene within the industrial workforce.
- **Market Response:** There is an expected uptick in demand for content filtering and specialized browser-isolation tools within the mining, energy, and manufacturing sectors of Australia.
## Future Outlook
- **Increased Regulation:** Expect Australian and New Zealand authorities to introduce stricter guidelines regarding the internet connectivity of ICS-integrated hardware.
- **What to Watch For:** Watch for a transition from simple web miners to more sophisticated "fileless" miners that reside in the memory of industrial servers.
## For Security Professionals
Cybersecurity practitioners in the ANZ industrial sector should prioritize:
1. **Browser Hardening:** Implementing strict policies on browsers used on HMI and SCADA workstations.
2. **Resource Monitoring:** Setting alerts for unexplained CPU spikes on critical ICS assets.
3. **Network Segmentation:** Ensuring that internet-facing activities are strictly isolated from the core control network.