US oilfield services giant Halliburton has confirmed that a cyberattack in August led to unauthorized third-party access and the removal of information from its systems. The confirmation comes after weeks of speculation following an initial report that highlighted a potential cyber threat directed at Halliburton.
While details remain scarce, the company has acknowledged the breach and is currently investigating the nature and scope of the information removed. In its latest Form 8-K filing to the Securities and Exchange Commission (SEC) on August 30, 2024, Halliburton stated, “The Company believes the unauthorized third party accessed and exfiltrated information from the Company’s systems.”
Nature of Exfiltrated Data Unclear
Despite confirming the breach, Halliburton has not disclosed the specific type of data that was compromised. In its SEC Filing, the company stated, “When it learned of the issue, the Company activated its cybersecurity response plan and launched an investigation internally with the support of external advisors to assess and remediate the unauthorized activity.”
“The Company’s response efforts included proactively taking certain systems offline to help protect them and notifying law enforcement. The Company’s ongoing investigation and response includes restoration of its systems and assessment of impacted data.
“The incident has caused disruptions and limitation of access to portions of the Company’s business applications supporting aspects of the Company’s operations and corporate functions. The Company believes the unauthorized third party accessed and exfiltrated information from the Company’s systems. The Company is evaluating the nature and scope of the information, and what notifications are required,” the company said.
Investigation by Google’s Mandiant
Many media reports stated that on August 26, Halliburton had informed suppliers that it had taken its systems offline out of caution and was working with Google’s incident response firm Mandiant to investigate the breach. The company is evaluating the nature and scope of the stolen information but presently does not anticipate a material impact from the breach.
“The Company has incurred, and may continue to incur, certain expenses related to its response to this incident. As of the date of this Current Report on Form 8-K, the Company believes that the incident has not had, and is not reasonably likely to have, a material impact on the Company’s financial condition or results of operations. The Company remains subject to various risks due to the incident, including the adequacy of processes during the period of disruption, diversion of management’s attention, potential litigation, changes in customer behavior, and regulatory scrutiny,” the company stated in its SEC Filing.
Weak Password Behind Breach?
According to a LinkedIn post by cybersecurity researcher Alon Gal, “Although Halliburton won’t disclose how they were hacked, it’s not surprising that they were successfully targeted given that hundreds of their employees are infected with malware. I wouldn’t be surprised if hackers gained access through Infostealer credentials, which is an increasingly common intrusion method.”
To support his claims, Alon shared graphs and stated, “Password hygiene at the company seems to be very bad, overall for sensitive login pages, 65% of passwords are considered ‘weak’, meaning they are 6-8 characters long and a diversity of 2-3 types of characters (lowercase, uppercase, number, and symbols).”
“In terms of anti-viruses installed on these infected employee computers, just ~10% had premium anti-viruses, most had stuff like Windows Defender, and a lot had no AV installed at all,” he added.
Security Concerns for Energy Sector
This attack on Halliburton highlights the growing vulnerability of the energy sector to cyberattacks. The Cyber Express previously reported on potential threats targeting the sector, and Halliburton’s experience underscores the need for heightened cybersecurity measures within energy companies.
The lack of transparency regarding the nature of the attack and the data compromised is concerning. Companies in this industry must invest in robust security systems and train their employees to be aware of the latest cyber threats. The government must also play a role in protecting critical infrastructure from cyberattacks. This could include providing financial assistance to companies to help them improve their cybersecurity, as well as developing new regulations to strengthen the security of critical infrastructure.