Security executives react to the Halliburton cyberattack
Halliburton, a prominent oilfield service company, was recently targeted in a cyberattack. According to the company’s statement on August 21, 2024, unauthorized users gained access to parts of its system. The specifics of the attack are still unclear.
Security leaders provide insights
Richard Caralli, Senior Cybersecurity Advisor at Axio:
“The breach at Halliburton highlights an important truth: many ransomware attacks exploit basic oversights rather than sophisticated techniques. While the details of the attack remain unclear, it is likely that it was not a highly complex operation. Similar to incidents at Colonial Pipeline, Caesars, MGM, and Clorox, the attackers might have exploited simple, preventable errors — gaps in fundamental cybersecurity practices that were either not properly implemented or maintained over time.
“These attacks do not necessarily involve advanced technology; rather, they often succeed due to lapses in basic security measures. Mistakes, misconfigurations, and a lack of ongoing evaluation create vulnerabilities that can be easily exploited.
“The lesson from Halliburton’s experience is that organizations need to prioritize consistently applying and maintaining the fundamentals of cybersecurity. It is not always about defending against the most sophisticated threats, but ensuring that the basics are solid. This breach serves as a reminder that attention to core practices is crucial in safeguarding against attacks. Maintaining these fundamentals is essential for building resilience and reducing the risk of being the next target.”
Mr. Venky Raju, Field CTO at ColorTokens:
“Nation-state actors have already shown their ability to infiltrate and attack critical infrastructure systems in the United States. Up to now, this has been limited to small utilities like the water supply system in Muleshoe, Texas, etc. We will soon find out if the attack on Halliburton is an escalation by one of these groups or an attack on their IT networks by a different actor.
“Regardless, utilities and other critical infrastructure organizations should take immediate steps to prevent unauthorized remote access to IT and OT networks, and implement microsegmentation controls within networks to limit lateral movement. The latter is even more urgent as adversaries may have already planted backdoors using undetected zero-day exploits.
“Tools like Shodan and smap make it very easy even for amateur hacking groups to discover unprotected OT devices and exploit known vulnerabilities. Organizations should audit all their Internet-accessible devices to ensure that remote access is restricted to authorized users and undiscoverable by search agents.”
Donovan Tindill, Senior Director of OT Security at DeNexus:
“Following this incident (and depending on the scope of the attack), Halliburton and its various divisions could face severe business interruption with internal staff productivity reduced, access to information and networks restricted as a precaution, and both internal and external staff idled in large numbers. In contrast, cyber incident response teams can contain and eliminate the threat. Idled or severely reduced employee and subcontractor productivity during the cyber incident is potentially the best-case scenario in terms of losses.
“Cyber risk management, which typically includes cyber quantification, should be used to understand potential financial losses to make better cybersecurity investment decisions that directly link investments to reducing losses.”
Chris Patteson, Director of Account Management at DeNexus:
“Attacks on asset-heavy industrial platform operators and critical infrastructure will continue to be a focus for adversaries due to the high value at risk. The positive change we are seeing is that organizations are becoming more transparent, allowing peers to assess their environments when activity increases.”
