Resource Center

The CCB and DNS Belgium have developed technical guidelines on email security protocols DNS Belgium and the Centre for Cybersecurity Belgium (CCB) recognise the importance of the Domain Name System (DNS) as a fundamental pillar of secure and reliable digital infrastructure. In an era of increasingly complex and sophisticated cyber threats, implementing proactive security measures to prevent abuse and attacks on the Belgian Internet domain is essential.As part of our collaboration, we have developed and published technical guidelines for DKIM (DomainKeys Identified Mail), DMARC (Domain-based Message Authentication, Reporting & Conformance), SPF (Sender Policy Framework) and DNSSEC (Domain Name System Security Extensions).These guidelines provide practical, standardised recommendations to help organisations, businesses, and government agencies better secure their email domains and DNS infrastructure against abuse, phishing, and other cyber threats.Objectives of cooperationStrengthen email security by properly implementing DKIM, DMARC and SPF to reduce email spoofing and phishing.Promote the adoption of DNSSEC to ensure the integrity and authenticity of DNS traffic, and prevent the interception and redirection of internet traffic for the purpose of stealing or manipulating data.Publish clear technical guidelines to support Belgian organisations in correctly implementing these crucial security measures.Raise awareness of the importance of a secure DNS infrastructure as part of a broader cybersecurity strategy.Encourage cooperation between the public and private sectors to create a more secure and reliable digital environment.Through this joint effort, DNS Belgium and the CCB intend to bolster the cyber resilience of organisations and enhance the security of the Belgian internet landscape.This collaboration highlights our shared responsibility to promote a proactive security approach and emphasises the importance of DNS as a vital component of online security.Together, we are setting a new standard for a safer Belgian Internet!The technical documents were developed in collaboration with DNS Belgium Technical guidelines for integrating and implementing these security protocols

We strongly recommends taking immediate preventive measures. The CCB warns organisations about an ongoing malicious campaign that delivers trojanized applications disguised as PDF editors or product manuals. Once installed, this malware can steal credentials and turn compromised Windows devices into proxies. Several incidents have already been reported.The CCB is treating this campaign as a high risk. Our teams are actively reaching out to Belgian companies and civilians that may be affected by this threat. The CCB strongly recommends taking immediate preventive measures.Who is at risk?Organisations and individuals that download software through online advertisements or unfamiliar links are affected. Specifically:Users searching for PDF editors or product manuals onlineOrganisations allowing employees to install software without strict controlsAny Windows environment where users can execute downloaded applicationsWhat should you do?If your organisation or employees may have installed one of these trojanized applications, we strongly advise you to:Avoid downloading or installing applications via online advertisements or unverified websites.Verify whether the following applications are present in your environment: AppSuite-PDF, PDFEditor, or ManualFinder.Check systems for signs of compromise. Look for unusual processes, credential theft activity, or devices being misused as proxies.Report any suspected incidents immediately to the CCB.More informationFor further details on this campaign, consult the following resources:TrueSec – Tampered Chef: The Bad PDF EditorExpel – ManualFinder CampagneFollow the updates on the CCB website: https://ccb.belgium.be/advisories/warning-trojanized-infostealer-campaign-appsuite-pdf-editormanual-finder-immediateReport an incidentReport any incidents to the CCB via our official incident reporting form.The CCB is committed to protecting Belgian organisations from cyber threats. We will continue to closely monitor this campaign, provide updates as needed, and contact potential victims.

Recent research by the CCB shows that Belgian companies are not making sufficient use of two-factor authentication (2FA)  Despite growing awareness of cyber threats, recent research by the Centre for Cybersecurity Belgium (CCB) shows that Belgian companies are not making sufficient use of two-factor authentication (2FA) or multi-factor authentication (MFA) on external connections. While 70% of the organisations surveyed say they consider it somewhat to very likely that they will soon be targeted by cybercriminals, only 46.4% have actually implemented 2FA.A survey of 250 Belgian companies conducted by the CCB in July 2025 clearly demonstrates this. The results show a striking contrast between the perceived threat and the measures taken. “These figures and the number of incidents are very worrying," says Miguel De Bruycker, Director-General at the CCB. “In about half of our Incident Response Interventions, we find that 2FA or MFA is not or only partially in use. In a digital environment where password hacking is seen as a real threat by 58% of companies, 2FA should be an absolute minimum measure.”Daily victims due to leaked login details and incorrect 2FAEvery day, at least one Belgian company falls victim to a cyber attack. The common thread in these incidents is the leakage of login details through phishing, for example, and the lack of proper two-step verification.“Install 2FA immediately on all external connections and for everyone,” De Bruycker adds.In incidents, it is also often found that 2FA is not provided for everyone. Recently, massive amounts of data were stolen because IT administrators had set up a separate VPN to the servers without 2FA, while all other employees were required to use it. Awareness and control by top management is therefore essential.2FA: simple, effective, but still underusedTwo-step verification provides a second layer of security on top of the traditional password. Even if that password falls into the wrong hands, access to the system remains blocked without the second means of authentication (such as an app or token). Nevertheless, its implementation lags behind other basic measures:Antivirus software: 89.6%Backups: 86.4%Firewall protection: 77%Two-step verification: 46.4%It is wrong to think that it does not matter much! 2FA is not absolute security, but it makes a huge difference. More than 80% of current incidents could have been avoided by correctly implementing this one, most important measure.From awareness to actionImplementing 2FA does not have to be complex or expensive. Many popular applications and cloud services offer this option as standard. Organisations that have not yet implemented 2FA are taking unnecessary risks. The CCB therefore calls on companies to:Mandatory implementation of 2FA on all accounts that are accessible from outside the organisation, especially for email, cloud platforms, VPNs and administrator interfaces.Use our CyberFundamentals for strong cyber defenceActively raise employee awareness about secure login. Sources Survey of 250 Belgian companies conducted by the Centre for Cybersecurity Belgium, July 2025.Safeonweb AT Work

The Center for Cybersecurity Belgium (CCB) warns organisations about serious vulnerabilities in Microsoft SharePoint Server. This vulnerability allows attackers to execute remote code on unpatched SharePoint servers. This means that malicious actors can use it to gain unauthorised access to systems. This vulnerability is already being actively exploited. The Center for Cybersecurity Belgium (CCB) warns organisations about serious vulnerabilities in Microsoft SharePoint Server. This vulnerability allows attackers to execute remote code on unpatched SharePoint servers. This means that malicious actors can use it to gain unauthorised access to systems. This vulnerability is already being actively exploited.We are treating the recently discovered SharePoint vulnerability as a high priority. Our teams are actively reaching out to Belgian companies that may have been affected by this critical security issue. A patch is available for Microsoft SharePoint Server Subscription Edition and Microsoft SharePoint Server 2019 to address this vulnerability. The CCB strongly recommends installing the security updates as soon as possible. Microsoft's advisory describes how to do this.Who is at risk?Organisations using the following on-premises SharePoint products are affected:Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Server 2019Microsoft SharePoint Server 2016What should you do?If your organisation uses these SharePoint products, we strongly advise you to:Immediately apply the emergency security patches released by Microsoft. These updates are designed to close the vulnerability and prevent exploitation.Check your systems for signs of compromise. If you suspect that your SharePoint environment has been breached, take action quickly. More informationYou can find our full technical advisory here: Emergency Patch for Exploited SharePoint Vulnerability.Follow the updates on the CCB website.Report an incidentReport any incidents to the CCB via our official incident reporting form.The CCB is committed to protecting Belgian organisations from cyber threats. We will continue to monitor the situation closely, provide updates as needed and contact potential victims.