Halliburton probes 'an issue' disrupting business ops
What could the problem be? Reportedly, a cyberattack
Updated American oil giant Halliburton is investigating an "issue," reportedly a cyberattack, that has disrupted some business operations and global networks.
While the energy giant declined to call it a cyberattack, a Halliburton spokesperson told The Register that it was working to address the problem.
"We are aware of an issue affecting certain company systems and are working diligently to assess the cause and potential impact," a Halliburton spokesperson said in an emailed statement. "We have activated our preplanned response plan and are working internally, and with leading external experts, to remediate the issue."
A person familiar with the disruption, however, told Reuters that the world's second-largest oil service was undergoing a cyberattack, and said that the digital intrusion affected business operations at Halliburton's north Houston campus, along with some of its global connectivity networks.
According to some reports on social media, the payroll database along with employees' devices were compromised.
Update: Being told that Halliburton employees are getting robocalls giving them explicit instructions not to connect to the network at all. Unsubstantiated, but from a reliable source, the IT Dept is trying to set up a Protected System for critical infrastructure.
— Na'linda (@MzBlckSheep) August 21, 2024
The Halliburton spokesperson declined to answer The Register's specific questions about the incident, including if it was a ransomware infection.
- FBI: Critical infrastructure suffers spike in ransomware attacks
- Ransomware batters critical industries, but takedowns hint at relief
- FrostyGoop malware shut off heat to 600 Ukraine apartment buildings
- Six ransomware gangs behind over 50% of 2024 attacks
Criminals are increasingly targeting critical infrastructure sectors, including energy, with extortion attacks, according to law enforcement. Last year, the FBI received 1,193 complaints from organizations belonging to a critical infrastructure sector that were affected by a ransomware attack, up 37 percent from 870 in 2022.
And of the 395 ransomware attacks claimed by criminals last month, over a third (125 or 34 percent) targeted critical industrial organizations, according to a report published today by NCC Group. ®
Updated at 1430 UTC on August 23
Halliburton on Friday confirmed the "issue" disrupting its business operations and networks is, in fact, a cyberattack.
In an August 23 filing with the US Securities and Exchange Commission, the SEC, the oil giant said it became aware that an unauthorized third party broke into its computer systems on August 21.
"When the company learned of the issue, the company activated its cybersecurity response plan and launched an investigation internally with the support of external advisors to assess and remediate the unauthorized activity," according to Halliburton's 8-K filing to the SEC.
These response efforts include taking certain systems offline and alerting law enforcement. Halliburton is also notifying customers and other stakeholders about the breach.
"The company's ongoing investigation and response include restoration of its systems and assessment of materiality," the filing added.
A Halliburton spokesperson declined to answer The Register's questions about the digital break-in, including if the attack was a ransomware infection.