Halliburton Data Stolen in Oil-Sector Cyberattack

The energy kahuna said that operations were disrupted after an attack on its supporting business applications.

Oil pumps silhouette at colorful sunset
Source: DPK-Photo via Alamy Stock Photo

Halliburton has confirmed that data was stolen in the Aug. 21 cyberattack on its networks.

The energy services company — which has a global presence in oil fields and runs some of the world's largest fracking operations — said in an 8K filing with the Securities and Exchange Commission today that "the company believes the unauthorized third party accessed and exfiltrated information from the company’s systems."

Halliburton had previously disclosed that the attack (unattributed, for now) caused it to take some systems offline. The cyber offensive "limited access to "portions of the company’s business applications supporting aspects of the company’s operations and corporate functions," according to the most recent filing.

For now, other details are under wraps, but the oil-and-gas behemoth said that the full effects of the incident are still unknown. It mentioned that it was restoring systems and "following process-based safety standards for ongoing operations," presumably relating to physical operations in the field. It also said that it doesn't expect the cyberattack to have a material effect on its finances.

The company did not immediately return a request for comment from Dark Reading.

Takeaways for Oil & Gas and Beyond

Marcus Fowler, CEO of Darktrace Federal, says that while the extent of the Halliburton attack is unknown, the fact that it was targeted at all should be a warning to other critical infrastructure providers to gain visibility into potential weaknesses within their networks and shore up defenses.

"[This sector is] increasingly pursuing IT and operational technology (OT) convergence as the data collection and analysis benefits can dramatically improve production efficiency, maintenance, and scaling," he notes. "However, as OT security struggles between legacy systems and the expanding wave of IT and OT interconnectivity within their environments, the risk of cyber-physical attacks continues to grow."

Especially since, "with IT/OT convergence expanding attack surfaces, security personnel have increased workloads that make it difficult to keep pace with threats and vulnerabilities," he adds.

Thus, utilities and other critical infrastructure organizations should take immediate steps to prevent this kind of unauthorized remote access to IT and OT networks, and implement basic tools like microsegmentation controls inside networks to limit lateral movement. 

"The latter is even more urgent as the adversaries may have already planted backdoors by using undetected zero-day exploits," explains Venky Raju, field CTO at ColorTokens. "Nation-state actors have already demonstrated their ability to penetrate and attack critical infrastructure systems in the US. So far, it has been restricted to small utilities like the water supply system in Muleshoe, Texas, etc.  We will soon know if the Halliburton attack is an escalation by one of these groups, or an attack on their IT networks by a different actor."

About the Author

Tara Seals, Managing Editor, News, Dark Reading

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights