Healthcare, financial institutions, and consultancy are the main targets of cybercriminals
Belgian organizations faced an average of 1,275 cyberattacks per week in the second quarter of 2025. This is an increase of 17 percent compared to the same period last year. The healthcare sector, financial sector, and consultancy firms were most frequently targeted. This is according to new figures from Check Point Research.
Europe Sees the Strongest Increase in Targeted Attacks
Check Point Research reports a global increase of 21 percent in the number of cyberattacks compared to Q2 2024. In Europe, there is an increase of 22 percent. Luxembourg (+59%) and the Netherlands (+50%) record the largest increases within the region.
Healthcare was hardest hit, with an average of 2,620 attacks per organization per week. Financial institutions faced 1,802 attacks, followed by consultancy firms with 1,765 attacks per week. According to Check Point, attackers focus on sectors with sensitive data or underfunded security.
The attacks are also becoming more sophisticated. Instead of large-scale ransomware campaigns, there are more silent attacks that gain access to networks or accounts without immediate visibility. The use of AI-driven attack techniques is increasing.
Vulnerabilities and Phishing Remain Important Attack Channels
The most commonly exploited vulnerability in Belgium remains Remote Code Execution, accounting for 69 percent of cases. This is followed by Information Disclosure (67 percent) and Authentication Bypass (53%). The most widespread malware is FakeUpdates, which serves as a downloader.
Emails remain the primary channel for malware distribution (63%), followed by websites (37%). Most attacks on Belgian organizations originate from the United States (42%), the Netherlands (12%), and Belgium itself (10%).
Finally, phishing remains popular. In Q2 2025, attackers primarily impersonated Microsoft, followed by Google and Apple. Brands like Spotify and Booking were also frequently used in phishing campaigns, aiming to collect user data or payment information via fake websites.