Kaspersky’s report is describing a detection trend on industrial control system-related computers, not proof of active outbreaks on every affected network.
What the report is saying
- It reports an increase in blocked malicious objects classified as worms delivered through email attachments on ICS computers.
- The keyword is blocked, which means the security product detected and stopped them.
- That indicates higher exposure or more frequent delivery attempts, but it does not automatically mean successful infection.
Why this matters for ICS environments
ICS and industrial networks are often more sensitive than standard office systems because:
- Downtime can affect physical processes and operations
- Legacy systems may still be in use
- Patch cycles can be slower
- Email access from engineering or adjacent systems can create an attack path
Even when threats arrive through something as common as email attachments, the risk in industrial environments is usually about
initial access and then possible lateral movement toward more critical assets.
Important caution
It would not be safe to conclude from the quote alone that:
- a specific worm family is spreading globally
- all ICS sectors are equally affected
- these detections led to compromise
That would require the full report data, methodology, and ideally corroboration from other sources.
Practical takeaway
For organizations with industrial environments, the sensible response is:
- Restrict email access on ICS-adjacent systems where possible
- Keep IT and OT networks segmented
- Scan attachments with reputable security tools before opening
- Review mail gateway filtering and attachment policies
- Monitor for unusual movement between office and industrial segments
The main takeaway is that email-borne malware remains a relevant delivery channel around industrial environments, and an increase in blocked worm attachments should be treated as a warning sign to review segmentation, email controls, and detection coverage.
ics-cert.kaspersky.com
