Full Report
South-East Asia ranks first in the world in terms of the percentage of ICS computers on which viruses and malware for AutoCAD were blocked. The review of key cybersecurity issues in Asian regions.
Analysis Summary
# Industry News: Southeast Asia Emerges as Global Hotspot for AutoCAD-Targeting ICS Malware
## Summary
A Q2 2025 report by Kaspersky ICS CERT reveals that Southeast Asia now leads the world in the percentage of Industrial Control Systems (ICS) computers targeted by AutoCAD-specific malware. The findings highlight a localized but systemic threat to engineering and design workflows within industrial automation environments across the Asian region.
## Key Details
- **Date:** September 19, 2025
- **Companies Involved:** Kaspersky (ICS CERT), Various Industrial Operations in SE Asia
- **Category:** Market Analysis / Threat Intelligence Report
## The Story
The Kaspersky ICS CERT report for Q2 2025 underscores a shifting threat landscape for industrial automation in Asia. Specifically, Southeast Asian industrial firms have become the primary targets for malware designed to infect and propagate through AutoCAD files—the foundational software for global engineering, architecture, and manufacturing design. Unlike generic malware, these AutoCAD-specific viruses often target intellectual property (IP) or aim to create backdoors within high-value design environments. This trend suggests that threat actors are successfully exploiting the collaborative nature of design supply chains, where CAD files are frequently shared between vendors, contractors, and plant operators.
## Business Impact
### For the Companies Involved
- **Kaspersky:** Reinforces its position as a dominant provider of specialized industrial intelligence and endpoint protection for operational technology (OT).
- **Industrial Firms in SE Asia:** Facing increased operational risks and the potential for significant IP theft regarding proprietary designs and plant layouts.
### For Competitors
- **Security Vendors:** Competitors specializing in OT security (e.g., Dragos, Nozomi Networks) will likely pivot marketing and product localized features to address "file-based" threats in the design phase of the industrial lifecycle.
### For Customers
- **Engineering & Construction Firms:** Must implement stricter file-scrubbing protocols and "zero trust" approaches to CAD file sharing to prevent cross-contamination between projects.
### For the Market
- **Supply Chain Risk:** This highlights the vulnerability of the industrial supply chain. A compromised designer in Vietnam can inadvertently infect a high-security manufacturing facility in a different region via a shared blueprint file.
## Technical Implications
The malware targets the LISP and VBA automation capabilities within AutoCAD to self-replicate. By embedding malicious code in `.dwg` drawings, the virus bypasses traditional network-level defenses that focus on internet-facing vulnerabilities, instead leveraging "trusted" lateral movement through file transfers and USB drives.
## Strategic Analysis
- **Market Positioning:** Southeast Asia is a global manufacturing hub; the high infection rate indicates that security maturity is not keeping pace with industrial digital transformation in the region.
- **Competitive Advantage:** Firms that can prove "clean" and secure design-to-production pipelines will have a competitive edge in high-stakes bidding for critical infrastructure projects.
- **Challenges:** The primary obstacle is the human element—convincing engineers that "standard" design files can be lethal vectors for industrial sabotage.
## Industry Reactions
- **Analyst Opinions:** Analysts suggest this is a "wake-up call" for the manufacturing sector in Asia, moving the focus from "IT/OT convergence" to "Secure Design."
- **Market Response:** There is an expected uptick in demand for specialized "sandbox" environments for CAD and engineering software in the SE Asian market.
## Future Outlook
- **Predictions:** We expect to see more specialized "industrial-grade" antivirus features integrated directly into engineering software suites.
- **What to watch for:** Potential regulatory changes in ASEAN countries regarding mandatory security audits for industrial design and architecture firms handling critical infrastructure data.
## For Security Professionals
Cybersecurity practitioners in the industrial space should immediately audit their "DMZ" protocols for file exchanges. Specifically, ensure that CAD/CAM workstations are not exempt from advanced endpoint detection and response (EDR) scanning and that all incoming project files are treated as untrusted, regardless of the source's reputation. Training for engineering staff on the risks of macro-enabled design files is now a priority.