Cybersecurity

Halliburton cyberincident the latest in energy-sector attacks

The company filed details to the SEC regarding unauthorized third-party access to its systems.
article cover

Mevans/Getty Images

3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Somebody struck oil, and not in the fun, Jed Clampett, we’re-moving-to-Beverly-Hills kind of way.

According to an August 21 SEC filing and a report last week from Reuters, an unauthorized third party accessed systems belonging to oil-services firm Halliburton Company. While details from the multinational corporation are more of a small, bubblin’ ooze than a There Will Be Blood-esque explosion, the intrusion demonstrates one more cyberincident in an increasingly targeted energy sector.

High energy

  • Cybersecurity firm CrowdStrike’s 2024 Threat Hunting Report, released last week, revealed a 94% year over year increase in energy-sector intrusion frequency. (The study examined events from July 2023 to June 2024, and that same time period a year earlier.)
  • Fellow cybersecurity vendor Sophos, in its July 2024 “State of Ransomware in Critical Infrastructure” report, found that 67% of respondents in the energy and water industries reported ransomware incidents in the past year or so. The research, conducted in January and February 2024, asked 5,000 IT/cybersecurity leaders (including 275 from the energy, oil/gas, and utilities sector) about security incidents occurring in the previous year. The global, cross-sector ransomware-event average, according to Sophos: 59%.

“Energy, a critical infrastructure sector is, unfortunately, an attacker target because of the disruption factor. Attackers like to target organizations in our critical infrastructure, such as energy, water, schools, healthcare/hospitals, because they know these systems can’t be offline for long, increasing the pressure to pay, so they can get back to operational as fast as possible,” Sara Eberle, VP of global communications at Sophos, wrote in an email to IT Brew.

Filing on: In its SEC filing, the Halliburton Company, which has 40,000 employees, said it “​​activated its cybersecurity response plan and launched an investigation internally with the support of external advisors to assess and remediate the unauthorized activity.” Other efforts, according to the filing, included “proactively taking certain systems offline to help protect them and notifying law enforcement.” The company said in its Form 8-K that its ongoing response will include “restoration of its systems and assessment of materiality.” (Halliburton did not respond to IT Brew’s request for an interview.)

That reminds me: On May 7, 2021, following a ransomware attack, the Colonial Pipeline Company proactively closed its approximately 5,500-mile pipeline—a system that transports 45% of all fuel consumed on the East Coast and providing refined products to more than 50 million Americans, according to claims from the firm. Colonial restarted its pipeline six days later.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

I
B