After two days of speculation, oil field services company Halliburton on Aug. 23 confirmed it was the victim of a cyberattack on its systems.
A Halliburton spokesperson said Friday that the company is aware of the issue and is working to assess the cause and potential impact.
Halliburton stated in an Aug. 22 filing with the Securities and Exchange Commission that when it first learned of the attack, it activated its cybersecurity response plan and launched an investigation internally with the support of external advisors.
Halliburton told the SEC that its response efforts include proactively taking certain systems offline to help protect them and notifying law enforcement. The company’s ongoing response includes restoration of its systems and assessment of materiality.
As of early afternoon Friday, it was still unclear what caused the breach, who was responsible, and if the attacker tried to extort the company for a ransom.
Security pros who weighed-in were concerned about yet another attack on the nation’s critical infrastructure and advised security teams to take immediate steps to prevent unauthorized remote access to IT or OT networks and implement microsegmentation controls inside networks to limit lateral movement.
“The latter is even more urgent as the adversaries may have already planted backdoors by using undetected zero-day exploits,” said Venky Raju, Field CTO at ColorTokens. “Tools like Shodan and smap make it very easy even for amateur hacking groups to discover unprotected OT devices and exploit known vulnerabilities. Organizations should audit all their internet-accessible devices to ensure that remote access is limited to authorized users and undiscoverable by search agents.”
Richard Caralli, senior cybersecurity advisor at Axio, said the Halliburton breach highlights a critical truth: many ransomware attacks exploit basic oversights rather than sophisticated techniques.
Caralli said while the specifics of the attack are still unclear, it’s likely that this wasn’t a highly complex operation. Much like the incidents at Colonial Pipeline, Caesars, MGM, and Clorox, Caralli said the attackers may have taken advantage of simple, preventable errors — gaps in fundamental cybersecurity practices that were either inadequately implemented or not maintained over time.
“These attacks don’t necessarily involve advanced technology,” said Caralli. "Rather, they often succeed because of lapses in basic security measures. Mistakes, misconfigurations, and a lack of ongoing evaluation create vulnerabilities that can be easily exploited.”
