Halliburton Data Stolen in Oil-Sector Cyberattack

Halliburton has confirmed that data was stolen in the Aug. 21 cyberattack on its networks.

The energy services company — which has a global presence in oil fields and runs some of the world's largest fracking operations — said in an 8K filing with the Securities and Exchange Commission today that "the company believes the unauthorized third party accessed and exfiltrated information from the company’s systems."

Halliburton had previously disclosed that the attack (unattributed, for now) caused it to take some systems offline. The cyber offensive "limited access to "portions of the company’s business applications supporting aspects of the company’s operations and corporate functions," according to the most recent filing.

For now, other details are under wraps, but the oil-and-gas behemoth said that the full effects of the incident are still unknown. It mentioned that it was restoring systems and "following process-based safety standards for ongoing operations," presumably relating to physical operations in the field. It also said that it doesn't expect the cyberattack to have a material effect on its finances.

The company did not immediately return a request for comment from Dark Reading.

Takeaways for Oil & Gas and Beyond

Marcus Fowler, CEO of Darktrace Federal, says that while the extent of the Halliburton attack is unknown, the fact that it was targeted at all should be a warning to other critical infrastructure providers to gain visibility into potential weaknesses within their networks and shore up defenses.

"[This sector is] increasingly pursuing IT and operational technology (OT) convergence as the data collection and analysis benefits can dramatically improve production efficiency, maintenance, and scaling," he notes. "However, as OT security struggles between legacy systems and the expanding wave of IT and OT interconnectivity within their environments, the risk of cyber-physical attacks continues to grow."

Especially since, "with IT/OT convergence expanding attack surfaces, security personnel have increased workloads that make it difficult to keep pace with threats and vulnerabilities," he adds.

Thus, utilities and other critical infrastructure organizations should take immediate steps to prevent this kind of unauthorized remote access to IT and OT networks, and implement basic tools like microsegmentation controls inside networks to limit lateral movement. 

"The latter is even more urgent as the adversaries may have already planted backdoors by using undetected zero-day exploits," explains Venky Raju, field CTO at ColorTokens. "Nation-state actors have already demonstrated their ability to penetrate and attack critical infrastructure systems in the US. So far, it has been restricted to small utilities like the water supply system in Muleshoe, Texas, etc.  We will soon know if the Halliburton attack is an escalation by one of these groups, or an attack on their IT networks by a different actor."