A real "mass attack"! What exactly is CrowdStrike, and why can it paralyze computers worldwide?
CrowdStrike provides online security solutions and holds a market share as high as 18% of the Endpoint Detection and Response (EDR) software market. During the recent global outage, CrowdStrike's technical support team indicated that affected systems may need to be restarted up to 15 times.
On Friday, July 7th, a major global incident hit Microsoft systems, throwing markets into chaos and causing operational problems for numerous companies. The "culprit" behind the event, CrowdStrike, thus became the focus of attention.
According to media reports, the global computer crash yesterday was caused by an issue with the CrowdStrike Falcon version update.
On Friday local time, at the beginning of the US stock market, CrowdStrike's stock price plummeted by 14% at one point, closing down by 11.10%.
So, what company is the real culprit behind this "global major incident"? How did it affect Microsoft and cause such significant damage?
What kind of company is CrowdStrike?
CrowdStrike is a company that provides online security solutions, focusing on providing cloud-based endpoint protection platforms. Established in 2011, the company is headquartered in California, USA. CrowdStrike's main product is the Falcon platform, which uses artificial intelligence and machine learning technologies to detect, prevent, and respond to network threats.
CrowdStrike is renowned for its ability to detect and defend against advanced network attacks. Its software is used by some of the largest cloud service providers, including Microsoft and Amazon AWS, as well as major global banks, healthcare providers, and energy companies, helping them detect and block hacker threats.
According to market research firm IDC, in the $8.6 billion Endpoint Detection and Response (EDR) software market, CrowdStrike holds a market share of about 18%, second only to Microsoft.
How did CrowdStrike cause a blue screen? Why is Microsoft involved?
The type of software CrowdStrike provides differs from traditional, more limited security software. Traditional antivirus software was effective in the early days of computing and the internet because it could recognize the signatures of known malicious software. As attacks grew more complex, however, such software fell out of favor.
The product CrowdStrike now develops, known as Endpoint Detection and Response (EDR) software, is far more effective than traditional antivirus software. However, like other network security products, CrowdStrike's software needs deep access to the computer's operating system in order to scan for threats, and that same access means it can also disrupt the very systems it is trying to protect.
Microsoft and CrowdStrike are competitors, both providing "endpoint" network security products. CrowdStrike's Falcon platform can integrate with Microsoft products such as Microsoft Azure and Microsoft 365 to enhance overall network security protection.
According to reports, yesterday's incident may have been caused by an error in the interaction between a software code update released by CrowdStrike and the Windows system, leading to a crash and leaving a large number of users with "blue screen" crashes.
CrowdStrike's co-founder and CEO George Kurtz acknowledged the issue and stated that remedial measures have been deployed:
"CrowdStrike is actively working with affected customers to address the defects found in a single content update on Windows hosts. Mac and Linux hosts are not affected. This is not a security incident or a network attack."
How far-reaching is CrowdStrike's impact?
A faulty software update from CrowdStrike caused cascading failures for clients in industries such as aviation, banking, healthcare, and retail, affecting ports, enterprises, and governments. Hospitals had to postpone surgeries, while McDonald's, UPS, and FedEx experienced disruptions. Employees at banks including JP Morgan, Nomura Holdings, and Bank of America were unable to log into company systems on Friday.
For airlines, the malfunction hindered communication between aircraft and ground control, impacting passenger travel. FlightAware reported over 21,000 flights delayed globally. Currently, United Airlines, Delta, American Airlines, Lufthansa, Air France-KLM, and Ryanair are gradually recovering, but at a slow pace.
Cybersecurity professionals stated,
"CrowdStrike's technology is a powerful tool against ransomware, but its cost (potentially over $50 per machine in some cases) means that most companies will not install it on all computers. The computers with this software installed are the most critical ones to protect, and if they crash, key services will also be affected."
Marie Vasek, Assistant Professor in the Department of Computer Science at University College London, commented,
"The widespread computer crashes demonstrate how globally reliant technical systems are on the software of a few companies, including Microsoft and CrowdStrike. The issue here is that Microsoft is the standard software used by everyone, and vulnerabilities in CrowdStrike are deployed across every system."
CrowdStrike itself acknowledged that due to the company's dominant market position in operating systems and productivity software, any weaknesses could potentially have catastrophic consequences.
How will the issue be resolved? Who will bear the losses?
CrowdStrike CEO George Kurtz stated that the root cause of the problem has been identified and that the company has deployed a fix. Windows desktops and laptops that received the update and are experiencing crashes will need to be updated again; Mac and Linux machines are not affected.
In a communication with a customer cited by the media, CrowdStrike's technical support team suggested that affected systems may need to be restarted up to 15 times.
As for the extent of the economic losses caused by the malfunction and who will bear them, this will remain unknown for some time. It is reported that most software suppliers do not bear legal responsibility for damage caused by their programs, since the programs are licensed rather than sold. However, they usually have service agreements with their largest customers, which may require assistance with remediation, discounts, or other compensation.
CrowdStrike stated in a declaration,
"We are working with all affected customers to ensure that systems are restored to normal operation and can provide the services expected by customers."
In addition, it is worth noting that a separate incident involving Microsoft Azure cloud services also caused service interruptions. Microsoft stated that the underlying problem has been resolved, but that users may still experience "residual impact."
Some analysts have pointed out that it is currently unclear how many of the computer crashes were caused by the defective CrowdStrike software update and how many by the issues with Microsoft's online services and its enterprise cloud computing service Azure that began on Thursday.
However, a Microsoft spokesperson stated that the company does not believe that the CrowdStrike software vulnerability is related to the interruption affecting "some Azure customers."