Cybersecurity Incident Costing Energy Service Provider Tens of Millions

Executive Summary

One of the world’s largest oil service providers, Halliburton, is still recovering from a cybersecurity incident which occurred on August 24th. [1] Although the full extent of the attack has not been released to the public the incident did cause a disruption in Halliburton’s operations as systems were taken offline to prevent further intrusion and assess the breach. Halliburton has recently revealed the incident has cost them $35 million so far [3] and may still climb even higher once the dust has settled. It has not been confirmed whether Halliburton paid a ransom or if the attackers ever demanded payment in the first place. RansomHub, a new ransomware group formed in February of 2024, is believed to have orchestrated the attack although the use of ransomware in this incident has not been confirmed.

Background

According to Halliburton, “Halliburton is one of the world’s leading providers of products and services to the energy industry.” [4] Although Halliburton is headquartered in Houston, Texas they have operations in many different countries all over the world. With 40,000 employees and valued at $35.3 billion, Halliburton is a behemoth in the energy industry. [5]

Although the group RansomHub is quite new the ransomware group has been very busy; with RansomHub’s website claiming 180 victims and the US government claiming at least 210 victims impacted by RansomHub’s antics. [2] The victims seem to range from several different fields including healthcare, water, manufacturing, and transportation although RansomHub does seem to target critical infrastructure      specifically.

Significance

This incident is especially important as Halliburton is an industry giant that      has a response team and protocol in place to answer security breaches as quickly as possible. However, even considering the implementation of these measures it is still costing Halliburton tens of millions. Imagine the damage that      could have occurred if the breach was detected later or if a response team was not put in place beforehand. In today’s world no one is safe and there is no company that is too big a target for these threats. Malicious actors all around the world work to infiltrate these organizations for a variety of reasons and show the importance of adopting the mindset of when the next security breach will happen, not if the next security breach will happen.

Conclusion

What organizations can take away from this incident is that implementing best practices to reduce cybersecurity risk may be an investment of time, money, and manpower, but it is likely to save money in the long run. Regularly conducting risk evaluations can help to identify vulnerabilities, especially as the organization grows and changes. Conducting regular training exercises to ensure all employees are aware of the dangers of working online and can recognize      and report any unusual behavior. Implementing zero-trust architecture can severely limit an attacker’s movement within any organization even if they were to take complete control over a system on the network. Also, constant monitoring of the entire network and implementing tools to enable the quickest and most efficient method of detecting and addressing abnormal activity.

References

1. Kerner, S. (2024). Halliburton cyberattack explained: What happened? TechTarget. https://www.techtarget.com/whatis/feature/Halliburton-cyberattack-explained-What-happened
2. Kovacs, E. (2024). US Government Issues Advisory on Ransomware Group Blamed for Halliburton Cyberattack. SecurityWeek. https://www.securityweek.com/us-government-issues-advisory-on-ransomware-group-blamed-for-halliburton-cyberattack/
3. Kovacs, E. (2024). Cyberattack Cost Oil Giant Halliburton $35 Million. SecurityWeek. https://www.securityweek.com/cyberattack-cost-oil-giant-halliburton-35-million/
4. Halliburton. (n.d.). About Halliburton. Halliburton. https://www.halliburton.com/en/about-us
5. GlobalData. (2024). Halliburton Co: Overview. GlobalData. https://www.globaldata.com/company-profile/halliburton-co/#:~:text=The%20company%20has%20manufacturing%20facilities,Houston%2C%20Texas%2C%20the%20US.