Halliburton confirms cyber incident in SEC filing 

U.S. energy services titan Halliburton proactively took certain systems offline “to help protect them” after a cyberattack this week, the company said Friday in a filing with federal regulators.

The company learned Wednesday that “an unauthorized third party gained access to certain parts of its systems” and that it was working with external advisers to assess and remediate the situation, the company said in a Securities and Exchange Commission filing. “The Company’s response efforts included proactively taking certain systems offline to help protect them and notifying law enforcement. The Company’s ongoing investigation and response include restoration of its systems and assessment of materiality.”

A Halliburton spokesperson told CyberScoop late Wednesday that the company was “aware of an issue affecting certain company systems” and that it was working to understand the cause and potential impact.

Reuters was the first to report the attack Wednesday evening, citing sources familiar with the matter. 

The FBI declined to comment. The Cybersecurity and Infrastructure Security Agency referred questions to Halliburton.

A Department of Energy spokesperson said Thursday that the agency is “aware of reports of a cyber incident impacting an energy services company; however, the exact nature of the incident is unknown at this time.” There are so far no indications that the incident is impacting energy services, the spokesperson said.

The attack on Halliburton is the latest in a string of high-profile cyber incidents involving major companies, including CDK Global, Ticketmaster, Clorox, MGM Resorts and Caesars Entertainment.

A survey conducted in early 2024 by the cybersecurity firm Sophos found that although ransomware attack rates broadly may be falling, recovery times for energy, oil and natural gas and utilities have been steadily increasing since at least 2022.

The incident is reminiscent of the May 2021 ransomware attack against Colonial Pipeline, which halted fuel sales along the East Coast. The ransomware attack by the Dark Matter variant did not hit OT networks, but the company took down their systems out of an abundance of caution.

Halliburton is one of the biggest oil service companies in the world, employing just under 50,000 people globally in more than 70 countries. The company is involved in almost the entire petroleum and natural gas supply chain, such as the maintenance of oil wells. In the second quarter of 2024, Halliburton generated around $5.8 billion in total company revenue, according to recent SEC filings.

Marco Ayala, president of InfraGard Houston Members Alliance, said critical infrastructure owners and operators should prepare for when an incident occurs, which seems to have been the case with Halliburton. Ayala, who has decades of experience in the oil and gas sector, said the company appeared to have a “response plan and their teams are working diligently to isolate and remediate the incident.” 

Ayala also stressed the importance of separating networks so cyberattacks on critical services will have a limiting impact.

“It’s crucial that the operational technology they provide — and that major oil and gas companies rely on — has true demarcation,” Ayala said. “Keeping enterprise IT and operational technology (OT) segmented and capable of quick demarcation is essential to minimize the spread and impact of such threats.”