Enjoying our content? Subscribe:
Top 10 Cybersecurity Breaches in Belgium
Learn about the state of cybersecurity in Belgium and the 10 biggest breaches in this country
Compared to the overall number of crimes in Belgium, cybercrimes are not the predominant category within the target region. Nevertheless, starting from 2017, the number of cyber incidents has been rapidly increasing, hitting businesses from various industries: transporting, hospitality, education, healthcare, and more. By 2020, the registered cases of cybercrime crossed the point of 44,000 incidents which is an extremely high rate for the key European country with nearly 200,000 residents.
Today, protecting the enterprise from different cybersecurity threats is not an option but an essential routine for any Belgium-based business. While it's nearly impossible to predict the upcoming incident, it's still possible to secure your business digitally by learning from the experience of other companies within and outside of your industry.
In this article, dedicated security experts from Cyberlands will review the most infamous incidents in Belgium, analyzing the reasons for each accident, the company's actions upon their discovery, and the outcomes these incidents have resulted in.
Today, protecting the enterprise from different cybersecurity threats is not an option but an essential routine for any Belgium-based business. While it's nearly impossible to predict the upcoming incident, it's still possible to secure your business digitally by learning from the experience of other companies within and outside of your industry.
In this article, dedicated security experts from Cyberlands will review the most infamous incidents in Belgium, analyzing the reasons for each accident, the company's actions upon their discovery, and the outcomes these incidents have resulted in.
#1 Belgacom Announced About the Unprecedented Hacking Attack
Belgacom, the largest telecoms company in Belgium, in September 2013 has confirmed its systems were hacked into. The company has also shared that the internal IT system was infected by the unknown virus, according to the previous security checks.
After detecting the intrusion, the company has taken the appropriate actions to protect the integrity of its IT system and prevent possible incidents in the future. Thus, the security department has filed a complaint against the ransomware and is granting its full support to the investigation performed by the Federal Prosecutor. At the same time, Belgacom has reassured its clients that their personal data wasn't affected.
Some of the non-official resources confirmed that in this incident Belgacom's systems were bugged for more than two years, with a high probability of being carried out by a British spy agency, however, the GCHQ has declined to comment on the allegations.
Nevertheless, being one of the dominant telecom providers in the EU, Belgacom has been obviously among the top targets of British attackers due to its numerous partnerships with hundreds of telecom companies across the globe, which means the company needs to stay highly proactive and consistently improve the security of its systems.
After detecting the intrusion, the company has taken the appropriate actions to protect the integrity of its IT system and prevent possible incidents in the future. Thus, the security department has filed a complaint against the ransomware and is granting its full support to the investigation performed by the Federal Prosecutor. At the same time, Belgacom has reassured its clients that their personal data wasn't affected.
Some of the non-official resources confirmed that in this incident Belgacom's systems were bugged for more than two years, with a high probability of being carried out by a British spy agency, however, the GCHQ has declined to comment on the allegations.
Nevertheless, being one of the dominant telecom providers in the EU, Belgacom has been obviously among the top targets of British attackers due to its numerous partnerships with hundreds of telecom companies across the globe, which means the company needs to stay highly proactive and consistently improve the security of its systems.
#2 Belgium's Biggest French-Speaking Newspaper Le Soir Goes Offline After a Cyberattack
In mid-April of 2015, the online edition of Le Soir – Belgium's biggest French-speaking newspaper – was shut down for a couple of hours after Belgian media group Rossel fell victim due to a cyber incident. Le Soir engages over 370,300 readers every month and today ranks 2nd at the leading mobile news and magazine app list.
According to the official press release, the firm is regularly attacked by ransomware, but at that time the firewall wasn't working as usual. What is more, the second phase of the attack was identified the next evening, due to which the Belgian daily announced later on their Twitter account that the site access may be unstable and the IT team is currently working on that issue.
During the attack, numerous of Rossel's sites, including Le Soir and Sudpresse, were down. The attacker's persona remains unknown, but the variety of website security issues discovered is an obvious signal that online newspapers need to improve the system security controls to prevent such attacks from happening in the future.
Once the incident was discovered, Le Soir immediately reported it to the police and local regulators. Though hitting the online audience segment, fortunately, the incident hasn't affected the print edition of the paper.
According to the official press release, the firm is regularly attacked by ransomware, but at that time the firewall wasn't working as usual. What is more, the second phase of the attack was identified the next evening, due to which the Belgian daily announced later on their Twitter account that the site access may be unstable and the IT team is currently working on that issue.
During the attack, numerous of Rossel's sites, including Le Soir and Sudpresse, were down. The attacker's persona remains unknown, but the variety of website security issues discovered is an obvious signal that online newspapers need to improve the system security controls to prevent such attacks from happening in the future.
Once the incident was discovered, Le Soir immediately reported it to the police and local regulators. Though hitting the online audience segment, fortunately, the incident hasn't affected the print edition of the paper.
#3 Numerous Security Issues Were Uncovered in Nationwide Postal Operator Bpost
A journalist investigation of VRT News has uncovered multiple security and privacy issues of Bpost, a Belgian-based post office. Today, it's widely known as Belgium's leading postal operator and a growing parcel and omni-commerce logistics partner in Europe, North America and Asia.
As of November 2020, the website users couldn't check the shipping details of the parcels that were to be delivered to themselves or other recipients. Similarly, the code for parcel pickup was also unavailable, thus clients couldn't pick up the parcel from a Post Point or a Bpost parcel collection machine. A while after the incident was revealed, Bpost confirmed the incident and has since started working on its correction.
Such an incident doesn't only hit the company's reputation but also constitutes an infringement of privacy laws. Due to this issue, the company has immediately discontinued the way of looking up parcels via that generic reference, so that people can only search for their parcel via the unique code. Additionally, Bpost has reassured all the clients that all the parcels will be delivered at the scheduled time.
As of November 2020, the website users couldn't check the shipping details of the parcels that were to be delivered to themselves or other recipients. Similarly, the code for parcel pickup was also unavailable, thus clients couldn't pick up the parcel from a Post Point or a Bpost parcel collection machine. A while after the incident was revealed, Bpost confirmed the incident and has since started working on its correction.
Such an incident doesn't only hit the company's reputation but also constitutes an infringement of privacy laws. Due to this issue, the company has immediately discontinued the way of looking up parcels via that generic reference, so that people can only search for their parcel via the unique code. Additionally, Bpost has reassured all the clients that all the parcels will be delivered at the scheduled time.
#4 Belgian Defense Ministry Confirms a Cyberattack Caused by Log4Shell Vulnerability
In December 2021, the Belgian defense ministry disclosed information about the attack on its networks. According to local media, the hackers exploited the software vulnerability called Log4j, the flaw that was discovered earlier that month.
Belgia wasn't the only country exploiting the flaw in their operations: similar cases were also confirmed by multiple nation-state actors, including APT groups linked to China, Iran, North Korea, and Turkey. Generally, the glitch has affected a long list of firms including globally known Amazon and Microsoft.
So far, it remains unclear whether it was a ransomware attack, nor the details of the hacking attack known. Upon the incident discovery, the spokesperson of the Belgian Defense Ministry said their teams have been heavily working to secure all the networks. Also, he confirmed the government will continue to invest in cybersecurity measures to prevent such cases in the future.
Belgia wasn't the only country exploiting the flaw in their operations: similar cases were also confirmed by multiple nation-state actors, including APT groups linked to China, Iran, North Korea, and Turkey. Generally, the glitch has affected a long list of firms including globally known Amazon and Microsoft.
So far, it remains unclear whether it was a ransomware attack, nor the details of the hacking attack known. Upon the incident discovery, the spokesperson of the Belgian Defense Ministry said their teams have been heavily working to secure all the networks. Also, he confirmed the government will continue to invest in cybersecurity measures to prevent such cases in the future.
#5 Belgian Port Giant Reports a Hacking Attack: All Operations Were Shut Down
Sea-Invest, one of the largest Belgian-based port terminals has shut down all operations due to a hacking attack. Being a global operator of port terminals for the transit of bulk goods, Sea-Invest has therefore created multiple supply chain issues for its clients.
The AFP agency revealed that the attacks had disrupted the unloading of barges in the affected European ports. To limit the damage, Sea-Invest decided to shut down the operations to prevent their client's data from being impacted further.
At the same time, the company's official representatives refused to comment on the incident.
The incident came to light in February 2022 but wasn't the first one that occurred in the target industry. A few years earlier, in 2017, the port of Rotterdam was targeted by a Wannacry ransomware attack. Another incident was confirmed by the container terminal of Maersk (Danish container giant).
The AFP agency revealed that the attacks had disrupted the unloading of barges in the affected European ports. To limit the damage, Sea-Invest decided to shut down the operations to prevent their client's data from being impacted further.
At the same time, the company's official representatives refused to comment on the incident.
The incident came to light in February 2022 but wasn't the first one that occurred in the target industry. A few years earlier, in 2017, the port of Rotterdam was targeted by a Wannacry ransomware attack. Another incident was confirmed by the container terminal of Maersk (Danish container giant).
#6 Antwerp Company was Hit By Cybercriminals: Belgium Authorities Opened an Investigation
Due to the increasing number of cyber incidents occurring in many transportation companies, the Federal Computer Crime Unit started an official investigation. Previously, the organized crime group breached computer networks in at least two companies operating in the port of Antwerp. Initially, the criminals hid cocaine and heroin among legitimate cargoes, including timber and bananas shipped in containers from South America.
As a result of penetration, hackers managed to obtain critical data uncovering the location and security data of containers stored, so the traffickers could send in lorry drivers to steal the cargo before the initial owner arrived. Though the employees were first warned about the situation, dozens of containers vanished from the port with no explanation.
The detailed investigation has shown the attackers did a lot of software work, gaining wireless access to keystrokes typed by staff as well as screen grabs from their monitors.
As a result of penetration, hackers managed to obtain critical data uncovering the location and security data of containers stored, so the traffickers could send in lorry drivers to steal the cargo before the initial owner arrived. Though the employees were first warned about the situation, dozens of containers vanished from the port with no explanation.
The detailed investigation has shown the attackers did a lot of software work, gaining wireless access to keystrokes typed by staff as well as screen grabs from their monitors.
#7 Belgium's Parliament and Universities Suffered from a Coordinated Cyberattack
In May 2022, the workflow of a vast number of universities, parliamentary and scientific institutions was affected as a result of a "large-scale attack". The official sources revealed that Belnet, a Belgium-based Internet service provider that is widely used by the country's key infrastructure, has been targeted by ransomware.
Unknown hackers committed a distributed denial of service (DDoS) attack, aimed to disrupt the functioning of specific online services by overloading servers with data. Though the attackers didn't manage to breach or steal any data, Belnet's clients were still affected, with all of them being either completely or partially cut off from the Internet. Overall, as a result of the DDoS attack, the company confirmed over 200 private and public organizations were impacted.
Once the incident was discovered, the Belnet team immediately applied its crisis procedures and contacted the Center for Cybersecurity Belgium (CCB) to bring the attack under control. Though the company reassured publicity that they're continually investing in cybersecurity, the constantly changing tactics of the attackers make it more and more challenging to neutralize these incidents.
Unknown hackers committed a distributed denial of service (DDoS) attack, aimed to disrupt the functioning of specific online services by overloading servers with data. Though the attackers didn't manage to breach or steal any data, Belnet's clients were still affected, with all of them being either completely or partially cut off from the Internet. Overall, as a result of the DDoS attack, the company confirmed over 200 private and public organizations were impacted.
Once the incident was discovered, the Belnet team immediately applied its crisis procedures and contacted the Center for Cybersecurity Belgium (CCB) to bring the attack under control. Though the company reassured publicity that they're continually investing in cybersecurity, the constantly changing tactics of the attackers make it more and more challenging to neutralize these incidents.
#8 Vivalia Patient Data Is Claimed to Be Compromised
Another healthcare-related cybersecurity incident occurred in May 2022 in Luxembourg province, Wallonia: as a result of a ransomware attack, Belgian private hospital group Vivalia switched to manual record management. According to the official information, the group controls seven hospitals and six residential care centers providing over 1,600 beds for patients, which makes this incident one of the largest in healthcare in recent years.
The detailed incident investigation has revealed that attackers managed to access the company's network and encrypt the system files on it – around 400 GB of patient and hospital data. A Cybercriminal group called Lockbit claimed themselves responsible for the attack and threatened to expose the stolen data to a dark web forum if the ransom is not paid off.
Overall, the attackers said they are in possession of patient data, their illnesses, employee data, and "much more" from four medical trusts. The Vivalia manager reported on his Twitter account, that the authorities had been notified of the case, and it "is currently being processed by the judicial police and the cybersecurity unit."
The detailed incident investigation has revealed that attackers managed to access the company's network and encrypt the system files on it – around 400 GB of patient and hospital data. A Cybercriminal group called Lockbit claimed themselves responsible for the attack and threatened to expose the stolen data to a dark web forum if the ransom is not paid off.
Overall, the attackers said they are in possession of patient data, their illnesses, employee data, and "much more" from four medical trusts. The Vivalia manager reported on his Twitter account, that the authorities had been notified of the case, and it "is currently being processed by the judicial police and the cybersecurity unit."
#9 Federal Ministries Suffering from the Attack: Chinese Hackers Were Accused
In July 2022, the Belgian Ministry of Foreign Affairs accused Chinese hackers of committing cyberattacks against the Federal Defence and Interior Ministries. China was called to take the necessary actions to investigate and resolve the situation.
During the internal investigation, Belgium's Cybersecurity center discovered the key goal of the attackers was to obtain sensitive data from the Ministry of the Interior, which they'd been successfully doing for over 2 years. The experts have also investigated the numerous attacks on the Ministry of Defense in 2021. These resulted in disrupting the Ministry's network performance. Being cut off from the Internet for weeks, its staff was not able to communicate via email and perform the key tasks within the organization.
Another security issue mentioned by the Ministry is the case of purchasing the Huawei wifi routers at the start of 2022, which are considered to significantly compromise the national security in many countries. A similar case was detected in Hikvision and Dahua video surveillance equipment, which had insufficient security systems.
During the internal investigation, Belgium's Cybersecurity center discovered the key goal of the attackers was to obtain sensitive data from the Ministry of the Interior, which they'd been successfully doing for over 2 years. The experts have also investigated the numerous attacks on the Ministry of Defense in 2021. These resulted in disrupting the Ministry's network performance. Being cut off from the Internet for weeks, its staff was not able to communicate via email and perform the key tasks within the organization.
Another security issue mentioned by the Ministry is the case of purchasing the Huawei wifi routers at the start of 2022, which are considered to significantly compromise the national security in many countries. A similar case was detected in Hikvision and Dahua video surveillance equipment, which had insufficient security systems.
#10 Belgian Hospital Center Fell Victim Due to a Massive Cyberattack
In September 2022, ChWapi, the hospital center of Picardy Wallonia in Tournai reported a serious cyberattack, hitting 80 to 300 servers. According to the official sources, the cybercriminals managed to encrypt the server data, which therefore became inaccessible. With thousands of patient files being trapped in the center's systems, the medical staff had to revert to pen and paper to record information.
Upon the incident discovery, the hospital's IT department restarted the key servers to get their main systems back up and running. At the same time, they collaborated with the federal police's Computer Crime Unit to investigate the incident. In one of the interviews, the hospital's CEO confirmed that the breach occurred as a result of a computer virus affection.
Due to this incident, some arranged consultations were canceled, same the non-urgent operations were either postponed or rescheduled for a later date. What is more, the Belgian emergency services in CnWapi remain temporarily unavailable until the problem is fully resolved.
Upon the incident discovery, the hospital's IT department restarted the key servers to get their main systems back up and running. At the same time, they collaborated with the federal police's Computer Crime Unit to investigate the incident. In one of the interviews, the hospital's CEO confirmed that the breach occurred as a result of a computer virus affection.
Due to this incident, some arranged consultations were canceled, same the non-urgent operations were either postponed or rescheduled for a later date. What is more, the Belgian emergency services in CnWapi remain temporarily unavailable until the problem is fully resolved.
Conclusion
To conclude, with millions of investments in cybersecurity, Belgium companies still need to be proactive in improving their digital security and stay aware of the various cyber threats across different industries. Creating a robust strategy for business security is sure to help enterprises in preventing reputational and financial damages to their business while staying on the top among the competitors.
Now that you've learned a bunch of examples of the most infamous Belgium cyber incidents and can get some insights about protecting your business from ransomware attacks. However, if you need expert assistance in improving the security of your business in digital – contact the Cyberlands team right away! Our best cybersecurity specialists are always ready to create the first-class strategy that ideally works for your business!
Now that you've learned a bunch of examples of the most infamous Belgium cyber incidents and can get some insights about protecting your business from ransomware attacks. However, if you need expert assistance in improving the security of your business in digital – contact the Cyberlands team right away! Our best cybersecurity specialists are always ready to create the first-class strategy that ideally works for your business!
Cyberlands.io Team