Halliburton, one of the most prominent oilfield service companies, was the subject of a recent cyberattack. The company states that on August 21, 2024, it became aware of unauthorized users accessing parts of its system. Currently, the nature of the attack is unclear. 

Security leaders weigh in

Richard Caralli, Senior Cybersecurity Advisor at Axio: 

“The Halliburton breach highlights a critical truth: many ransomware attacks exploit basic oversights rather than sophisticated techniques. While the specifics of the attack are still unclear, it’s likely that this wasn’t a highly complex operation. Much like the incidents at Colonial Pipeline, Caesars, MGM and Clorox, the attackers may have taken advantage of simple, preventable errors — gaps in fundamental cybersecurity practices that were either inadequately implemented or not maintained over time.

“These attacks don’t necessarily involve advanced technology; rather, they often succeed because of lapses in basic security measures. Mistakes, misconfigurations and a lack of ongoing evaluation create vulnerabilities that can be easily exploited.

“The takeaway from Halliburton’s experience is that organizations need to focus on consistently applying and maintaining the fundamentals of cybersecurity. It’s not always about defending against the most sophisticated threats, but ensuring that the basics are solid. This breach serves as a reminder that attention to core practices is essential in safeguarding against attacks. Maintaining these fundamentals is crucial to building resilience and reducing the risk of becoming the next target.”

Mr. Venky Raju, Field CTO at ColorTokens:

“Nation state actors have already demonstrated their ability to penetrate and attack critical infrastructure systems in the United States. So far it has been restricted to small utilities like the water supply system in Muleshoe, Texas, etc. We will soon know if the Halliburton attack is an escalation by one of these groups, or an attack on their IT networks by a different actor.

“Regardless, utilities and other critical infrastructure organizations should take immediate steps to prevent unauthorized remote access to IT and OT networks, and implement microsegmentation controls inside networks to limit lateral movement.  The latter is even more urgent as the adversaries may have already planted backdoors by using undetected zero day exploits.

“Tools like Shodan and smap make it very easy even for amateur hacking groups to discover unprotected OT devices and exploit known vulnerabilities. Organizations should audit all their Internet-accessible devices to ensure that remote access is limited to authorized users and undiscoverable by search agents.”

Donovan Tindill, Senior Director of OT Security at DeNexus:

“Following this incident (and depending on the scope of the attack), Halliburton and its many divisions could be expected to experience severe business interruption with internal staff productivity degraded, access to information and networks revoked out of caution, and large portions of both internal and external facing staff idled. In contrast, cyber incident response teams contain and eradicate the threat. Idled or severely degraded employee and subcontractor productivity during the cyber incident is potentially the best-case loss scenario.

“Cyber risk management, which typically includes cyber quantification, should be employed to understand potential financial losses to make better cybersecurity investment decisions that directly connect investments to the loss reduction ROI they provide.”

Chris Patteson, Director of Account Management at DeNexus:

“Attacks on asset heavy industrial platforms operators and critical infrastructure are going to continue to be a focus of adversaries due to the value at risk. The welcome change we are seeing is that organizations are more actively transparent, and this allows peers to assess their environments as well when activity picks up.”

Marcus Fowler, CEO of Darktrace Federal:

“Critical infrastructure providers and manufacturing companies are increasingly pursuing IT and OT convergence as the data collection and analysis benefits can dramatically improve production efficiency, maintenance and scaling. However, as OT security struggles between legacy systems and the expanding wave of IT and OT interconnectivity within their environments, the risk of cyber-physical attacks continues to grow. 

“With IT/OT convergence expanding attack surfaces, security personnel have increased workloads that make it difficult to keep pace with threats and vulnerabilities. Many organizations rely on Indicator of Compromises (IOCs) for threat detection which often miss insider threats and novel attacks because the tactics, techniques and procedures (TTPs) and attack toolkits have never been seen in practice. Anomaly-based detection is best suited to combat these types of threats. Thus, the adoption of AI-powered solutions that focus on anomalous behaviors to identify novel threats, can respond at machine speed, and help to guide recovery from cyber incidents in industrial systems is paramount for keeping critical infrastructure safe.

“Organizations with OT have historically been hesitant to adopt machine-driven response out of concerns for a misfired response disrupting critical processes. However, AI can be used to execute highly targeted and precise response mechanisms. Organizations should assess their own cyber-physical environments and perform their own risk calculations to see where it is appropriate to integrate machine-driven response, either in autonomous or human-in-the loop modes, to accelerate security team response and protect against cyber-physical attacks.”

Mark Manglicmot, Senior Vice President of Security Services at Arctic Wolf: 

“Critical Infrastructure is the lifeblood of a functioning economy and society, and threat actors realize that they can inflict a maximum amount of chaos and extortion by targeting sectors like oil & gas that provide essential services to thousands of businesses and communities. Earlier this year, the Office of the Director National Intelligence and FBI Director Chris Wray warned congress that U.S. critical infrastructure is a prime target for nation-state-backed threat actors, and attacks on organizations like Halliburton should serve as a warning sign that defending critical infrastructure must be a top priority, especially leading up to the presidential election.”