#CyberWeekly

On December 20, Romania's national water authority had 1,000 systems encrypted in a ransomware attack. The attackers hit 10 of 11 river basin management offices across the country.

The clever part? They used Windows' own BitLocker encryption tool — a technique called "living off the land" where attackers use built-in system tools instead of custom malware. Security software can't easily flag it because it looks like normal admin activity.

• No water disruption — operational systems kept running through manual controls
• Not in scope — the network wasn't yet covered by Romania's critical infrastructure protection system
• Ransom demand — attackers gave 7 days to negotiate, Romania's policy: never negotiate

The lesson for SMEs: your own tools can be used against you. BitLocker is on every Windows machine. Without proper access controls and monitoring, an attacker with admin access can lock you out of your own systems using your own software.

The CyberFundamentals framework includes controls specifically for access management and monitoring — the basics that prevent this kind of attack.

Big week for the platform. We rebranded to Easy Cyber Protection, shipped passwordless login, and launched full trilingual support.

Here's what changed:

• Passwordless login — Magic link authentication is now the default. Click a link in your email, you're in. No passwords to remember, reset, or have stolen.
• Three languages — The platform now runs in English, Dutch, and French — built for the Belgian market from day one.
• Comments & activity inbox — Leave comments on tasks and evidence. An inbox keeps you updated on what your team is discussing.
• Smart search — A new command palette lets you find anything instantly with fuzzy matching.
• Partner mode — Security consultants can now manage multiple client organizations from a single account.

We also hardened platform security with rate limiting and brute-force protection. Because we practice what we preach.

Two more German SMBs made headlines this month — and not in a good way.

Klingele Paper & Packaging Group, a mid-sized manufacturer, had 450GB of data stolen by the INC ransomware group. Client info, financials, confidential documents — all exfiltrated. Meanwhile, automotive parts supplier Rameder had 1.4TB of data leaked after a Payouts King ransomware attack.

These aren't Fortune 500 companies. They're the German equivalent of Belgian SMEs — mid-market businesses that thought they were too small to be a target.

• Manufacturing is #1 target — it's the most attacked sector in Europe
• Supply chain risk — these breaches expose their clients' data too
• Germany just activated NIS2 — these companies may now face regulatory scrutiny on top of the breach

If you supply to or buy from German companies, expect tougher security questions in 2026. Getting your NIS2 compliance sorted now is a competitive advantage.

52% of ransomware attacks in the past year happened on a weekend or holiday. And 78% of organizations reduce their security staff during the holiday period.

Do the math. Fewer defenders + same number of attackers = open season.

As teams wind down for Christmas and New Year, here's what the bad guys are counting on:

• Skeleton crews — fewer people monitoring alerts means slower response times
• Distracted employees — holiday shopping, year-end deadlines, and out-of-office replies create phishing goldmines
• Delayed patching — nobody wants to risk a system update before the holidays

What you can do before you leave:

• Ensure backups are current and tested
• Enable MFA on all critical accounts
• Brief your team on holiday phishing tactics
• Have an incident response plan that works when key people are away

The EU's Cyber Resilience Act hit its first milestone on December 11, with the Commission adopting a delegated act on vulnerability notification delays.

If you sell or use products with digital elements (software, IoT devices, connected hardware), the CRA will affect you. Here's the timeline:

• September 2026 — manufacturers must report actively exploited vulnerabilities
• December 2027 — full CRA requirements apply to all connected products
• Fines — up to €15 million or 2.5% of global turnover

For Belgian SMEs, this is a double compliance challenge. NIS2 covers your organization's security. The CRA covers the security of products you make or distribute. Together, they form the EU's new cybersecurity baseline.

The good news: if you're already working on CyberFundamentals, you're building the foundation both regulations require.