Cyber threats in Eastern European industrial infrastructures: Email remains the main attack vector

Eastern Europe is facing a landscape of cyber threats in industrial infrastructures, where the main sources of malware remain the internet and email applications, according to cyber security specialists.

Although the region is less exposed than others to some types of attacks, email continues to be a significant weak point, they say.

In the second quarter of 2025, email was the only threat source that grew in Eastern Europe, with 4.10% of ICS computers attacked through this vector – 1.3 times more than the global average (3%). ICS here refers to industrial control systems.

At the opposite end, other sources such as removable devices or network folders record values below the global average.

The percentage of computers on which malicious documents have been identified and blocked is 1.4 times higher than the global average.

By comparison, Southern Europe registers the highest exposure to malicious emails (7.23%), while Western Europe remains below the global average, with only 1.89%.

Romania registers a rate of 6.65%, above the regional average, along with countries such as Bosnia and Herzegovina (11.55%) or Croatia, where malicious emails frequently contain infected documents, spyware or dangerous scripts.

Internet: The second most common source of attack in the region

With a rate of 9.74% of ICS computers on which threats were blocked, Eastern Europe ranks fifth globally, above Western Europe (6.82%) and Northern Europe (6.57%), but below Southern Europe (8.35%). Belarus leads the Eastern European countries, with a rate of 11.45%, followed by other countries with exposed infrastructures. Romania is near the regional average of 9.74%, but below countries such as Belarus and Ukraine.

The main categories of online threats include denylisted internet resources, malicious scripts and phishing pages, as well as executable miners. Globally, Eastern Europe ranks 3rd in blocked access to denylisted resources and 4th in the detection of executable miners.

For threats from removable media (USB drives, external HDDs, etc.), Eastern Europe ranks 7th, with 0.23% of ICS computers affected – a value 8.6 times higher than in North America, the least exposed region.

Ukraine (0.44%) and Bulgaria (0.43%) lead the region in the incidence of these attacks, among which worms, spyware and viruses predominate.

By comparison, Western Europe registers a rate of only 0.07%, and Southern Europe 0.10%, confirming a much lower exposure.

Only a small number of threats come from network folders in Eastern Europe; the region ranks second to last globally in this category. Only Northern Europe encounters this source of threats less often.

Against the background of a complex threat landscape, Eastern Europe has a unique combination of vulnerabilities. Email remains the main attack vector, and the geographical distribution of risks indicates the need for measures adapted to each country's specifics.

The data in the new report published by Kaspersky ICS CERT (Industrial Control Systems Cyber Emergency Team) on the cyber security of industrial control systems (ICS) shows that Romania follows the regional pattern, with values close to the Eastern European average for online and removable-media threats. However, the high level of attacks through email (6.65%) indicates a significant vulnerability, which requires urgent measures for awareness, filtering and securing internal communications in industrial infrastructures.