
What exactly is CrowdStrike, and why can it "paralyze" computers worldwide?

CrowdStrike is a company that provides online security solutions. Its Falcon platform caused a global computer system crash due to a software update error, affecting industries such as aviation, banking, and healthcare. CrowdStrike stated that they are actively working with affected customers to resolve the issue. This incident led to a decline in Microsoft's stock price. CrowdStrike's main product is the Falcon platform, which uses artificial intelligence and machine learning technologies to detect, prevent, and respond to network threats. The company has a good reputation in detecting and defending against advanced cyber attacks.

Wall Street News, Author: Huang Wenwen, Original Title: "What is CrowdStrike, the real 'mass attack', and why can it paralyze computers worldwide?"
This article introduces the global computer crash event caused by CrowdStrike, discussing the reasons and impacts behind it.
• 💥 CrowdStrike is a company that provides online security solutions, with its Falcon platform being used by multiple enterprises and service providers globally
• 🔒 CrowdStrike's software update error led to a global computer system crash, affecting industries such as aviation, banking, and healthcare
• 💰 How the issue will be resolved and who is responsible for the losses are still unclear; CrowdStrike stated that they are actively working with affected customers to resolve the problem
On Friday, July 19th, a global computer crash occurred on Microsoft systems, causing chaos in the market and operational problems for many enterprises, and putting CrowdStrike, the "culprit" behind the incident, in the spotlight.
According to media reports, the global computer system crash on July 19th was caused by an issue with the CrowdStrike Falcon version update.
On Friday local time, in early US stock market trading, CrowdStrike's stock price plummeted by as much as 14%, with the decline narrowing to 11.10% by the time of publication (morning of July 20th).

So, what company is the real culprit behind this "global computer crash"? How did it affect Microsoft and cause such significant damage?
What kind of company is CrowdStrike?
According to reports, CrowdStrike is a company that provides online security solutions, focusing on providing cloud-based endpoint protection platforms. Founded in 2011, the company is headquartered in California, USA. CrowdStrike's main product is the Falcon platform, which uses artificial intelligence and machine learning technologies to detect, prevent, and respond to network threats.
CrowdStrike is known for its capabilities in detecting and defending against advanced network attacks. Its software is used by some of the largest cloud service providers, including Microsoft and Amazon AWS, as well as major global banks, healthcare, and energy companies, to help detect and block hacker threats. According to market research firm IDC, CrowdStrike holds about 18% of the $8.6 billion "Endpoint Detection and Response" (EDR) software market, second only to Microsoft.
How does CrowdStrike cause blue screens? Why is Microsoft involved?
The type of software provided by CrowdStrike is different from traditional, limited version security software. Traditional antivirus software was effective in the early days of computer and internet development because it could detect signs of known malware. However, as attacks became more complex, this software fell out of favor.
Now, CrowdStrike's "Endpoint Detection and Response" software is much more effective than traditional antivirus software. Like other cybersecurity products, CrowdStrike's software needs deeper access to the computer's operating system to scan for threats. This level of access gives it the ability to disrupt the systems it is trying to protect.
Microsoft and CrowdStrike are competitors, both offering similar "endpoint" cybersecurity products. CrowdStrike's Falcon platform can integrate with Microsoft's security products such as Microsoft Azure and Microsoft 365 to enhance overall network security.
Reports suggest that the incident on July 19 may have been caused by a software code update from CrowdStrike interacting incorrectly with the Windows system, leading to a large number of users experiencing "blue screen crashes."
CrowdStrike's co-founder and CEO George Kurtz acknowledged the issue and stated that remedial measures have been deployed:
"CrowdStrike is actively working with affected customers to address the defects found in a single content update on Windows hosts. Mac and Linux hosts are not affected. This is not a security incident or a network attack."
How far-reaching is CrowdStrike's impact?
A faulty software update from CrowdStrike caused cascading failures for clients in industries such as aviation, banking, healthcare, and retail. Ports, enterprises, and governments were also affected. Hospitals had to postpone surgeries, and companies like McDonald's, UPS, and FedEx experienced disruptions. Employees of banks like JP Morgan, Nomura Holdings, and Bank of America were unable to log into company systems on Friday.
For airlines, the malfunction disrupted communication between aircraft and ground control, affecting passenger travel. FlightAware shows over 21,000 flights delayed globally. Currently, United Airlines, Delta, American Airlines, Lufthansa, Air France-KLM, and Ryanair are gradually recovering, but the process is slow.
Cybersecurity professionals say that CrowdStrike's technology is a powerful tool against ransomware, but its cost (in some cases exceeding $50 per machine) means that most companies will not install it on all computers. The computers with this software installed are the most critical to protect, and if they fail, key services will also be affected.
Assistant Professor Marie Vasek from the Department of Computer Science at University College London stated, "The widespread computer crashes demonstrate how globally dependent the technology systems are on software from a few companies, including Microsoft and CrowdStrike. The issue here is that Microsoft is the standard software used by everyone, and vulnerabilities in CrowdStrike are deployed in every system."
CrowdStrike also mentioned that due to the company's market dominance in operating systems and productivity software, any weaknesses could potentially have catastrophic consequences.
How can the problem be resolved? Who will bear the losses?
CrowdStrike CEO George Kurtz said that the root cause of the problem has been identified and that the company has deployed fixes. Mac and Linux machines aside, any Windows desktop or laptop that crashed because of this update will need to be updated again.
According to media reports citing communication between CrowdStrike and a customer, CrowdStrike's technical support team suggested that the affected systems may need to be restarted up to 15 times.
The extent of the economic losses caused by the malfunction, and who will bear them, is not yet known. It is reported that most software vendors do not bear legal responsibility for the damages caused by their programs, as these programs are licensed rather than sold. However, they usually have service agreements with their largest customers, which may require assistance in remediation, discounts, or other compensation.
CrowdStrike stated in a release, "We are working with all affected customers to ensure that systems are back to normal operation and can provide the expected services to customers."
Additionally, there was another incident involving Microsoft Azure cloud services that caused service interruptions. Microsoft stated that the root problem has been resolved, but users may still experience "residual impacts."
Some analysts suggest that it is currently unclear how many of the computer system crashes were caused by defects in CrowdStrike software updates and how many were due to issues with Microsoft's online services and its enterprise cloud computing service Azure that started on Thursday.
However, a Microsoft spokesperson mentioned that the company does not believe that the CrowdStrike software vulnerability is related to the interruption affecting "some Azure customers."
