Halliburton forced to take systems offline to contain cyberattack

Oil field giant Halliburton provided new details to regulators on Friday about a recent cyberattack that necessitated the shutdown of certain systems.

The company told news outlets it was hit by a cyberattack on Wednesday that affected operations at its headquarters in Houston.

In an 8-K report submitted Thursday to the Securities and Exchange Commission (SEC), the company said hackers “gained access to certain of its systems.” The company is currently investigating the incident with the help of contractors, it said.

“The Company’s response efforts included proactively taking certain systems offline to help protect them and notifying law enforcement. The Company’s ongoing investigation and response include restoration of its systems and assessment of materiality,” Halliburton vice president Charles Geer said in the report. 

Geer added that they are communicating with customers and other stakeholders while they work “to identify any effects of the incident.”

Reuters reported on Thursday that some employees were told not to connect to the company’s internal network as a precaution following the cyberattack. 

No group has taken credit for the attack as of Friday afternoon. 

Halliburton — known for its controversial role in the Iraq War — is one of the world’s largest oil field service companies and has almost 48,000 employees. The company reported $5.8 billion in revenue for the first quarter of 2024. 

Companies in the oil and gas industry continue to be targeted by hackers and ransomware gangs due to their propensity for paying ransoms. While none have been confirmed, ransomware gangs have listed at least five oil and gas industry companies on their leak sites since June. 

While headline-grabbing attacks on Colonial Pipeline and Shell have garnered the most news coverage, several other cyber incidents have impacted oil and gas companies over the last three years. 

It has become such an issue that G7 leaders in June “committed to taking critical action to strengthen the cybersecurity of the global supply chain of key technologies used to manage and operate electricity, oil, and natural gas systems across the world.”

The Transportation Security Administration (TSA) renewed cybersecurity regulations in May for the operators of hazardous liquid and natural gas pipelines and liquefied natural gas facilities. 

The regulations have been in place since the Colonial Pipeline attack and require operators to confirm to TSA that they have instituted a range of cybersecurity measures, including an incident response plan, the creation of a cybersecurity coordinator position, vulnerability scans, network segmentation and more.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
