What Is CrowdStrike, the Cybersecurity Company Behind the Global Tech Chaos?

A glitch in a software update from the cybersecurity firm caused grounded flights and a global wave of blue screens of death.

Late Thursday night on the U.S. East Coast, reports began trickling out that PC-based systems were not functioning. Flights were grounded, the U.K. health system had to pause certain operations, and emergency services were cut off. Around the globe, people experienced what's known as the blue screen of death, a dreaded error message against a blue background indicating the system was not functioning.

It soon became clear that there was an issue with an update to CrowdStrike cybersecurity software for Windows users. CrowdStrike co-founder and CEO George Kurtz posted on X early Friday morning that it was not a cyberattack and that "the issue has been identified, isolated and a fix has been deployed."

Soon after, a visibly tired Kurtz appeared on Today to say he was "deeply sorry" for the disruptions and that the company was working with clients to get systems back online. Host Hoda Kotb noted that computers at NBC's studios had been affected.

Austin-based CrowdStrike was founded in Sunnyvale, California, in 2012 by Kurtz, Gregg Marston, and Dmitri Alperovitch. Kurtz and Alperovitch had previously worked together at antivirus software company McAfee; Marston had been CFO of Foundstone, an IT company Kurtz co-founded that McAfee acquired.

At the time, cybersecurity software was focused on detecting viruses and malware, but CrowdStrike's founders took the then-novel approach of tracking the hackers behind the intrusions. Their system was "based on robust machine-learning infrastructure and artificial intelligence that looks for behavioral attack patterns and indicators of attack to identify bad actors," Kurtz told Inc. in 2016.

Systems like McAfee's were also slow because the software scanned a person's machine each time they turned on the computer -- a process that could take 15 minutes. CrowdStrike's system was cloud-based, meaning it was "lightweight and nimble" and didn't slow down a user's computer, Kurtz said.

Today, CrowdStrike's signature product is the cloud-based Falcon platform that works across a company's IT systems and continuously monitors for threats such as malware or unauthorized access.

"Always staying ahead of the adversary is a tall task," Kurtz said on Today. To respond to new threats, CrowdStrike regularly sends out software updates. Clearly, something went awry in the most recent update -- it was a "weird interaction" with Windows systems as Kurtz called it. Mac and Linux users were not affected.

CrowdStrike was No. 144 on the Inc. 5000 list of the fastest-growing companies in America in 2016 and appeared on Inc.'s list of the best-led companies in America in 2021. It went public on Nasdaq in 2019. Major corporations and governments often call in CrowdStrike for incident response after they've been hacked. The company made headlines when it was tapped to investigate the hacks of Sony Pictures in 2014 and the Democratic National Committee in 2016.

By mid-morning on Friday, systems were coming back online, but the reputational damage to CrowdStrike may be hard to shake. The incident raises questions about how a routine software update could cause so much havoc. "This is a very, very uncomfortable illustration of the fragility of the world's core internet infrastructure," Ciaran Martin, the former chief executive of Britain's National Cyber Security Center, told The New York Times.

Security experts said CrowdStrike's (CRWD.O) routine update of its widely used cybersecurity software, which caused clients' computer systems to crash globally on Friday, apparently did not undergo adequate quality checks before it was deployed.

The latest version of its Falcon Sensor software was meant to make CrowdStrike clients' systems more secure against hacking by updating the threats it defends against. But faulty code in the update files resulted in one of the most widespread tech outages in recent years for companies using Microsoft's (MSFT.O) Windows operating system.

Global banks, airlines, hospitals and government offices were disrupted. CrowdStrike released information to fix affected systems, but experts said getting them back online would take time as it required manually weeding out the flawed code.

"What it looks like is, potentially, the vetting or the sandboxing they do when they look at code, maybe somehow this file was not included in that or slipped through," said Steve Cobb, chief security officer at SecurityScorecard, which also had some systems impacted by the issue.

Problems came to light quickly after the update was rolled out on Friday, and users posted pictures on social media of computers with blue screens displaying error messages. These are known in the industry as "blue screens of death."

Patrick Wardle, a security researcher who specialises in studying threats against operating systems, said his analysis identified the code responsible for the outage.

The update's problem was "in a file that contains either configuration information or signatures," he said. Such signatures are code that detects specific types of malicious code or malware.

"It's very common that security products update their signatures, like once a day... because they're continually monitoring for new malware and because they want to make sure that their customers are protected from the latest threats," he said.

The frequency of updates "is probably the reason why (CrowdStrike) didn't test it as much," he said.

It's unclear how that faulty code got into the update and why it wasn't detected before being released to customers.

"Ideally, this would have been rolled out to a limited pool first," said John Hammond, principal security researcher at Huntress Labs. "That is a safer approach to avoid a big mess like this."

Other security companies have had similar episodes in the past. McAfee's buggy antivirus update in 2010 stalled hundreds of thousands of computers.

But the global impact of this outage reflects CrowdStrike's dominance. Over half of Fortune 500 companies and many government bodies such as the top U.S. cybersecurity agency itself, the Cybersecurity and Infrastructure Security Agency, use the company's software.

Catastrophic computer outages caused by a software update from one company have once again exposed the dangers of global technological dependence on a handful of players, experts warned on Friday (Jul 19).

A flawed update sent out by the little-known security firm CrowdStrike brought airlines, TV stations, and myriad other aspects of daily life to a standstill.

The outages affected companies or individuals that use CrowdStrike on the Microsoft Windows platform: when they applied the update, the incompatible software crashed computers into a frozen state known as the "Blue Screen of Death".

An employee walks past rebooting arrivals and departures screens at Phoenix Sky Harbor International Airport on Friday, Jul 19, 2024, in Phoenix. An overnight outage was blamed on a software update that cybersecurity firm CrowdStrike sent.

"Today CrowdStrike has become a household name, but not in a good way, and this will take time to settle down," said Dan Ives of Wedbush Securities.

The breakdown quickly fueled discussions about internet giants' power over the increasingly digital world economy, with more activity now taking place in the computing "cloud" or on a few apps or platforms.

JUST A "TASTE"

When those platforms have flaws - or are deliberately attacked - the world seems to collapse.

In recent months, entire healthcare systems and industries have been paralyzed after hackers infiltrated their systems, leaving consumers at their wits' end and companies at a loss.

Passengers sit behind the check in desk as they wait due to a global technology outage at Toronto Pearson Airport, on Friday, July 19, 2024. (Photo: AP/Chris Young/The Canadian Press)

"I think we're just getting a taste of some potential effects of real reliance by the financial sector and sectors across the economy on a handful of cloud companies and other key systems," Rohit Chopra, director of the US Consumer Financial Protection Bureau, told CNBC.

"There are just a handful of big cloud companies where so much of the economy is now resting."

The world has seen a major shift to cloud computing, where companies use servers offered by big tech giants for their computing needs instead of their own infrastructure.

Amazon, through its AWS company, is the world leader, followed by Microsoft's Azure and Google Cloud.

Friday's breakdown was caused by a malfunctioning software update fed to Microsoft Windows users by CrowdStrike, which specializes in cybersecurity for cloud-based companies.

"We're deeply sorry for the impact we've caused to customers, travelers, and anyone affected by this," CrowdStrike CEO Kurtz said in an interview on NBC's Today Show.

Microsoft blamed the problems on CrowdStrike, but industry insiders warned that the issue stems from entrusting the digital world to just a few key companies.

"It's going to continue to raise issues for systems or businesses wholly dependent on Microsoft - this issue of concentration risk," Michael Daniel, former White House cybersecurity coordinator and current head of the Cyber Threat Alliance, told AFP.

"How do you balance the benefits of having everybody on the same operating system with the concentration risk that poses?"

Callie Guenther, senior manager of cyber threat research at Critical Start, warned that the shift to big players amplifies the impact of any system failure or vulnerability.

One error, like CrowdStrike's on Friday, threatens society's smooth functioning worldwide, she said.

NO CONTINGENCY PLAN

Andrius Minkevicius, co-founder of Cyber Upgrade, a cybersecurity company, said that businesses must fight the complacency often associated with outsourcing technology to big vendors.

"Today, we're seeing an example of those who relied mostly on vendor-offered cyber protection without additional contingency plans and are now suffering reputational and financial damage," he said.

Experts warn that this incident will likely invite scrutiny from regulators and officials.

"CrowdStrike will probably have to let some outside people come in and examine how this happened," said Cyber Threat Alliance's Daniel.
