Halliburton Data Stolen in Oil-Sector Cyberattack

The energy kahuna said that operations were disrupted after an attack on its supporting business applications.

Tara Seals, Dark Reading

September 3, 2024

2 Min Read
a pumpjack at an oil drilling site at sunset copy
Alamy

This article originally appeared on Dark Reading.

Halliburton has confirmed that data was stolen in the Aug. 21 cyberattack on its networks.

The energy services company — which has a global presence in oil fields and runs some of the world's largest fracking operations — said in an 8K filing with the Securities and Exchange Commission today that "the company believes the unauthorized third party accessed and exfiltrated information from the company’s systems."

Halliburton had previously disclosed that the attack (unattributed, for now) caused it to take some systems offline. The cyber offensive "limited access to "portions of the company’s business applications supporting aspects of the company’s operations and corporate functions," according to the most recent filing.

For now, other details are under wraps, but the oil-and-gas behemoth said that the full effects of the incident are still unknown. It mentioned that it was restoring systems and "following process-based safety standards for ongoing operations," presumably relating to physical operations in the field. It also said that it doesn't expect the cyberattack to have a material effect on its finances. 

The company did not immediately return a request for comment from Dark Reading.

Related:The New Frontiers of Cyber-Warfare: Insights From Black Hat 2024

Takeaways for Oil & Gas and Beyond

Marcus Fowler, CEO of Darktrace Federal, says that while the extent of the Halliburton attack is unknown, the fact that it was targeted at all should be a warning to other critical infrastructure providers to gain visibility into potential weaknesses within their networks and shore up defenses.

"[This sector is] increasingly pursuing IT and operational technology (OT) convergence as the data collection and analysis benefits can dramatically improve production efficiency, maintenance, and scaling," he notes. "However, as OT security struggles between legacy systems and the expanding wave of IT and OT interconnectivity within their environments, the risk of cyber-physical attacks continues to grow."

Especially since, "with IT/OT convergence expanding attack surfaces, security personnel have increased workloads that make it difficult to keep pace with threats and vulnerabilities," he adds.

Thus, utilities and other critical infrastructure organizations should take immediate steps to prevent this kind of unauthorized remote access to IT and OT networks, and implement basic tools like microsegmentation controls inside networks to limit lateral movement. 

"The latter is even more urgent as the adversaries may have already planted backdoors by using undetected zero-day exploits," explains Venky Raju, field CTO at ColorTokens. "Nation-state actors have already demonstrated their ability to penetrate and attack critical infrastructure systems in the US. So far, it has been restricted to small utilities like the water supply system in Muleshoe, Texas, etc.  We will soon know if the Halliburton attack is an escalation by one of these groups, or an attack on their IT networks by a different actor."

Related:Tiny Texas City Repels Russia-Tied Hackers Eyeing Water System

Read more about:

Dark Reading

About the Authors

Tara Seals

Managing Editor, News, Dark Reading

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

Dark Reading

Long one of the most widely read cyber security news sites on the Web, Dark Reading, a sister site to ITPro Today, is now the most trusted online community for security professionals like you. Dark Reading's community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like