On Friday, oil firm Halliburton revealed further details to regulators regarding a recent attack that forced the shutdown of critical systems. The company told news outlets that it was struck by a cyberattack on Wednesday, which disrupted operations at its Houston headquarters.
In an 8-K filing filed Thursday with the Securities and Exchange Commission (SEC), the firm stated that attackers "gained access to certain of its systems." The firm is currently investigating the matter with the assistance of contractors.
“The Company’s response efforts included proactively taking certain systems offline to help protect them and notifying law enforcement. The Company’s ongoing investigation and response include restoration of its systems and assessment of materiality,” Halliburton vice president Charles Geer noted in the report.
Geer also stated that they are in contact with users and other stakeholders as they try "to identify any effects of the incident."
According to Reuters, following the cyberattack, some employees were instructed not to access the company's internal network. No group claimed responsibility for the incident as of Friday afternoon.
Halliburton, known for its controversial role in the Iraq War, is one of the world's major oil field service businesses, with almost 48,000 employees. The firm generated $5.8 billion in revenue in the first quarter of 2024. Businesses in the oil and gas industry continue to be targeted by hackers and ransomware gangs because they have a history for paying ransoms.
While no cases have been confirmed, ransomware gangs have discovered at least five oil and gas businesses on their leak sites since June. For the past three years, oil and gas firms have been impacted by a number of cyber incidents, however the attacks on Colonial Pipeline and Shell have garnered the most media attention.
It has become a major issue that G7 members in June have "committed to taking critical action to strengthen the cybersecurity of the global supply chain of key technologies used to manage and operate electricity, oil, and natural gas systems across the world."
In May, the Transportation Security Administration (TSA) updated cybersecurity standards for operators of potentially dangerous liquid and natural gas pipelines, as well as liquefied natural gas installations.
The regulations, which have been in place since the Colonial Pipeline attack, require operators to confirm to TSA that they have implemented a variety of cybersecurity policies, including an incident response plan, the establishment of a cybersecurity coordinator position, vulnerability inspections, network segmentation, and more.