CrowdStrike

CrowdStrike Holdings, Inc. is an American cybersecurity technology company based in Austin, Texas. It provides endpoint security, threat intelligence, and cyberattack response services.

This article is about the company. For the widespread IT system outage in July 2024, see 2024 CrowdStrike incident.

CrowdStrike Holdings, Inc.

Company type	Public
Traded as	Nasdaq: CRWD (Class A) Nasdaq-100 component S&P 500 component
Industry	Information security
Founded	2011; 13 years ago (2011)
Founders	George Kurtz Dmitri Alperovitch Gregg Marston
Headquarters	Austin, Texas , United States
Key people	George Kurtz (CEO) Michael Sentonas (President)[1]
Revenue	US$3.06 billion (FY24)
Operating income	US$−2 million (FY24)
Net income	US$89.3 million (FY24)
Total assets	US$6.65 billion (FY24)
Total equity	US$2.30 billion (FY24)
Number of employees	7,925 (FY24)
Website	www.crowdstrike.com
Footnotes / references Financials as of fiscal year ended January 31, 2024[update]. References:[2]

The company has been involved in investigations of several high-profile cyberattacks, including the 2014 Sony Pictures hack, the 2015–16 cyberattacks on the Democratic National Committee (DNC), and the 2016 email leak involving the DNC.^[3][4] On July 19, 2024, it issued a faulty update to its security software that caused global computer outages that disrupted air travel, banking, broadcasting, and other services.^[5][6][7]

Description

CrowdStrike is an American cybersecurity technology company based in Austin, Texas. It provides endpoint security, threat intelligence, and cyberattack response services.^[8] Until July 2024 is was "best known for deploying immediate updates upon detecting threats, distributing as many as 10-12 per day."^[9] Since then it has been offering phased or staggered update rollout.^[9]

History

Founding: 2011–2019

CrowdStrike was co-founded in 2011 by George Kurtz (CEO), Dmitri Alperovitch (former CTO), and Gregg Marston (CFO, retired).^{[10][11][12][13]} The following year, they hired Shawn Henry, a former Federal Bureau of Investigation (FBI) official, to lead the subsidiary CrowdStrike Services, Inc., which offered security and response services.^[14][15] The company launched CrowdStrike Falcon, an antivirus package, as its first product in June 2013.^[16][17]

In May 2014, CrowdStrike's reports helped the United States Department of Justice to charge five Chinese military hackers with economic cyber espionage against U.S. corporations.^[18] CrowdStrike also uncovered the activities of Energetic Bear, a group connected to Russia's Federal Security Service that conducted intelligence operations against global targets, primarily in the energy sector.^[19]

After the Sony Pictures hack, CrowdStrike uncovered evidence implicating the government of North Korea and demonstrated how the attack was carried out.^[20] In 2014, CrowdStrike helped identify members of Putter Panda, the state-sponsored Chinese group of hackers also known as PLA Unit 61486.^[21][22]

In May 2015, the company released information about VENOM, a critical flaw in an open-source hypervisor called Quick Emulator (QEMU) that allowed attackers to access sensitive personal information.^[23][24] In October 2015, CrowdStrike announced that it had identified Chinese hackers attacking technology and pharmaceutical companies around the time that U.S. President Barack Obama and China's leader Xi Jinping publicly agreed not to conduct economic espionage against each other. The alleged hacking would have been in violation of that agreement.^[25]

In July 2015, Google invested in the company's Series C funding round, which was followed by Series D and Series E, raising a total of $480 million as of May 2019.^[26][27][28]

In 2017, the company reached a valuation of more than $1 billion with an estimated annual revenue of $100 million.^[29] In June 2018, the company said it was valued at more than $3 billion.^[27] Investors include Telstra, March Capital Partners, Rackspace, Accel Partners and Warburg Pincus.^[30][31]

In June 2019, the company made an initial public offering on the Nasdaq.^[32][33]

Acquisitions: 2020–2024

In September 2020, CrowdStrike acquired zero trust and conditional access technology provider Preempt Security for $96 million.^[34] In February 2021, the company acquired Danish log management platform Humio for $400 million with plans to integrate Humio's log aggregation into CrowdStrike's XDR offering.^[35] Later that November, CrowdStrike acquired SecureCircle, a SaaS-based cybersecurity service that extends zero trust endpoint security to include data.^[36] In December 2021, the company moved its headquarters location from Sunnyvale, California, to Austin, Texas.^[37] In 2023, CrowdStrike introduced CrowdStream service in collaboration with Cribl.io.^[38] CrowdStrike has also focused on working with the U.S. government and selling its services to government agencies.^[39] CrowdStrike joined the S&P 500 index in June 2024.^[40] In 2023, CrowdStrike acquired Israeli cybersecurity startup Bionic.ai.^[41] In 2024, CrowdStrike acquired Israeli startup Flow Security.^[42]

Incident: 2024

Main article: 2024 CrowdStrike incident

On 19 July 2024, CrowdStrike released a software configuration file update to the Falcon endpoint detection and response agent. Flaws in the update caused blue screens of death on Microsoft Windows machines, disrupting millions of Windows computers worldwide.^[43][44] Affected machines were forced into a bootloop, making them unusable. This was caused by an update to a configuration file, Channel File 291, which CrowdStrike says triggered a logic error and caused the operating system to crash.^[45] The downtime caused a widespread global impact, grounding commercial airline flights, temporarily taking Sky News and other broadcasters offline, and disrupting banking and healthcare services as well as 911 emergency call centers.^[7][46]

By the end of the day, CrowdStrike shares closed trading at a price of $304.96, down $38.09 or 11.10%.^[47]

Although CrowdStrike issued a patch to fix the error, computers stuck in a bootloop were unable to connect to the Internet to download the patch before Falcon would be loaded and crash the device again. The recommended solution from CrowdStrike was to boot into safe mode or Windows Recovery Mode and manually delete Channel File 291.^[48] This requires local administrator access and if the device was encrypted by BitLocker, also required a recovery key.^[49] Microsoft reported that some customers were able to remediate the issue solely by rebooting impacted devices up to 15 times.^[50] On 22 July 2024, CrowdStrike shares closed the trading day at a price of $263.91, with a loss of $41.05 or 13.46%.^[51] On 24 July 2024, CrowdStrike reportedly contacted affected channel partners with apology emails containing Uber Eats gift cards worth $10.^[52][53][54] The CrowdStrike incident cost Fortune 500 companies $5.4 billion.^[9]

Lobbying

As of 2024, CrowdStrike spent more than $360,000 on federal lobbying in the first half of 2024, according to OpenSecrets and $620,000 during 2023.^[9]

Earnings

In 2024, total revenue was 3.06 billion$, a 36% increase.^[9]

Russian hacking investigations

CrowdStrike helped investigate the Democratic National Committee cyberattacks and a connection to Russian intelligence services.^[55] On 20 March 2017, James Comey testified before congress stating, "CrowdStrike, Mandiant, and ThreatConnect review[ed] the evidence of the hack and conclude[d] with high certainty that it was the work of APT 28 and APT 29 who are known to be Russian intelligence services."^[56] Comey previously testified in January 2017 that a request for FBI forensics investigators to access the DNC servers was denied, saying "Ultimately what was agreed to is the private company [CrowdStrike] would share with us what they saw."^[57]

In December 2016, CrowdStrike released a report stating that Russian government-affiliated group Fancy Bear had hacked a Ukrainian artillery app.^[58] They concluded that Russia had used the hack to cause large losses to Ukrainian artillery units. The app (called ArtOS) is installed on tablet PCs and used for fire-control.^[59] CrowdStrike also found a hacked variation of POPR-D30 being distributed on Ukrainian military forums that utilized an X-Agent implant.^[60]

The International Institute for Strategic Studies rejected CrowdStrike's assessment that claimed hacking caused losses to Ukrainian artillery units, saying that their data on Ukrainian D30 howitzer losses was misused in CrowdStrike's report. The Ukrainian Ministry of Defense also rejected the CrowdStrike report, stating that actual artillery losses were much smaller than what was reported by CrowdStrike and were not associated with Russian hacking.^[61] Prior to this, CrowdStrike had published a report claiming that malware used in Ukraine and against the Democratic National Committee (DNC) appeared to be unique and identical, further evidence for a Russian origin of the DNC attack.^[62]

Cybersecurity firm SecureWorks discovered a list of email addresses targeted by Fancy Bear in phishing attacks. The list included the email address of Yaroslav Sherstyuk, the developer of ArtOS.^[63] Additional Associated Press research supports CrowdStrike's conclusions about Fancy Bear.^[64] Radio Free Europe notes that the AP report "lends some credence to the original CrowdStrike report, showing that the app had, in fact, been targeted."^[65]

In the Trump–Ukraine scandal, Donald Trump, then the president of the United States, held a 25 July 2019, phone call with Volodymyr Zelensky, the president of Ukraine, in which Trump asked Zelensky to look into a conspiracy theory that was being promoted on far-right websites such as Breitbart News and Russian state media outlets such as Russia Today and Sputnik.^[66] The theory held that namely, that the Ukrainian government used CrowdStrike to hack into the Democratic National Committee's servers in 2016 and frame Russia for the crime to undermine Trump in the 2016 presidential election.^[67][68] The conspiracy theory has been repeatedly debunked.^[69][70][71]

Multiple blue screens of death, caused by an update pushed by CrowdStrike, on airport luggage conveyor belts at LaGuardia Airport, New York City

See also

• Operating systems
• Chinese intelligence activity abroad
• Chinese intelligence operations in the United States
• Timeline of Russian interference in the 2016 United States elections
• Timeline of investigations into Donald Trump and Russia (January–June 2017)

References

1. Richardson, Tom (31 March 2024). "CrowdStrike's Australian boss snares $225m cybersecurity fortune". Australian Financial Review. Archived from the original on 20 July 2024. Retrieved 21 July 2024.
2. "US SEC: Form 10-K Crowdstrike Holdings, Inc". U.S. Securities and Exchange Commission. 7 March 2024.
3. "CrowdStrike demonstrates how attackers wiped the data from the machines at Sony". International Data Group. 2015. Archived from the original on 20 August 2016. Retrieved 9 June 2016.
4. Hamburger, Tom; Nakashima, Ellen (24 July 2016). "Clinton campaign – and some cyber experts – say Russia is behind email release". The Washington Post.
5. Banfield-Nwachi, Mabel (19 July 2024). "Windows global IT outage: what we know so far". The Guardian. London, United Kingdom. ISSN 0261-3077. Archived from the original on 22 July 2024. Retrieved 19 July 2024.
6. Plummer, Robert (19 July 2024). "Crowdstrike and Microsoft: What we know about global IT outage". BBC News. Archived from the original on 22 July 2024. Retrieved 19 July 2024.
7. Godfrey, Paul; Druker, Simon; Wynder, Ehren (19 July 2024). "911 call centers back online after IT outage causes global chaos". United Press International. Retrieved 19 July 2024.
8. "CrowdStrike's security software targets bad guys, not their malware". TechRepublic. 9 October 2015. Archived from the original on 2 June 2016. Retrieved 10 June 2016.
9. Charlotte Ehrlich (9 October 2024). "Facing scrutiny over global outage, cybersecurity firm CrowdStrike on track for record year of federal lobbying spending".
10. "In conversation with George Kurtz, CEO of CrowdStrike". Fortune. Archived from the original on 1 July 2019. Retrieved 1 July 2019.
11. "Bloomberg – Dmitri Alperovitch". www.bloomberg.com. Archived from the original on 14 July 2020. Retrieved 14 February 2020.
12. "Standing up at the gates of hell: CrowdStrike CEO George Kurtz". Fortune. 29 July 2015. Archived from the original on 29 May 2016. Retrieved 10 June 2016.
13. Albert-Deitch, Cameron (15 May 2019). "CrowdStrike, the $3.4 Billion Startup That Fought Russian Spies in 2016, Just Filed for an IPO". Inc.com. Archived from the original on 3 June 2019. Retrieved 1 July 2019.
14. Ragan, Steve (23 April 2012). "Former FBI Exec to Head CrowdStrike Services". SecurityWeek. Archived from the original on 20 January 2021. Retrieved 13 December 2020.
15. Messmer, Ellen (18 April 2012). "Top FBI cyber cop joins startup CrowdStrike to fight enterprise intrusions". Network World. Archived from the original on 8 March 2024. Retrieved 10 June 2016.
16. Messmer, Ellen (18 June 2013). "Start-up tackles advanced persistent threats on Microsoft, Apple computers". Network World. Archived from the original on 17 May 2019. Retrieved 1 July 2019.
17. "U.S. firm CrowdStrike claims success in deterring Chinese hackers". Reuters. 13 April 2015. Archived from the original on 12 November 2017. Retrieved 14 June 2016.
18. Gorman, Devlin Barrett and Siobhan (20 May 2014). "U.S. Charges Five in Chinese Army With Hacking". Wall Street Journal. ISSN 0099-9660. Archived from the original on 15 February 2020. Retrieved 14 February 2020.
19. "The old foe, new attack and unsolved mystery in the recent U.S. energy sector hacking campaign". CyberScoop. 12 July 2017. Archived from the original on 24 September 2019. Retrieved 14 February 2020.
20. "What's in a typo? More evidence tying North Korea to the Sony hack". PCWorld. Archived from the original on 19 August 2016. Retrieved 14 June 2016.
21. Perlroth, Nicole (9 June 2014). "2nd China Army Unit Implicated in Online Spying". The New York Times. ISSN 0362-4331. Archived from the original on 12 November 2017. Retrieved 14 June 2016.
22. "Second China unit accued of cyber crime". Financial Times. 10 June 2014. Retrieved 10 June 2014.
23. "'Venom' vulnerability: Serious computer bug shatters cloud security". Fortune. 13 May 2015. Archived from the original on 25 April 2016. Retrieved 14 June 2016.
24. Goodin, Dan (13 May 2015). "Extremely serious virtual machine bug threatens cloud providers everywhere". Ars Technica. Archived from the original on 22 June 2019. Retrieved 1 July 2019.
25. Yadron, Danny (19 October 2015). "Report Warns of Chinese Hacking". Wall Street Journal. Archived from the original on 17 May 2019. Retrieved 1 July 2019.
26. Kuranda, Sarah (17 May 2017). "Crowdstrike Lands $100M Funding Round, Looks To Expand Globally And Invest In Partners". CRN. Archived from the original on 3 June 2019. Retrieved 1 July 2019.
27. "Cybersecurity startup CrowdStrike raises $200 million at $3 billion valuation". VentureBeat. 19 June 2018. Archived from the original on 3 June 2019. Retrieved 1 July 2019.
28. "CrowdStrike may top these 6 biggest-ever U.S. security IPOs next month". www.bizjournals.com. Archived from the original on 28 April 2020. Retrieved 24 February 2020.
29. Hackett, Robert (17 May 2017). "Hack Investigator CrowdStrike Reaches $1 Billion Valuation". FORTUNE. Archived from the original on 1 July 2019. Retrieved 9 June 2017.
30. "Security Company CrowdStrike Scores $100M Led By Google Capital". TechCrunch. 13 July 2015. Archived from the original on 4 April 2019. Retrieved 1 July 2019.
31. "CrowdStrike raises $100 million for cybersecurity". www.bizjournals.com. Archived from the original on 28 April 2020. Retrieved 24 February 2020.
32. Murphy, Hannah (13 June 2019). "Cyber security group CrowdStrike's shares jump more than 70% after IPO". Financial Times. ISSN 0307-1766. Archived from the original on 30 July 2024. Retrieved 13 June 2019.
33. Feiner, Lauren (12 June 2019). "CrowdStrike pops more than 70% in debut, now worth over $11 billion". CNBC. Archived from the original on 12 June 2019. Retrieved 12 June 2019.
34. Gagliordi, Natalie. "CrowdStrike to acquire Preempt Security for $96 million". ZDNet. Archived from the original on 26 September 2020. Retrieved 28 September 2020.
35. Cimpanu, Catalin (18 February 2021). "CrowdStrike acquires Humio for $400 million". ZDNet. Archived from the original on 11 July 2024. Retrieved 10 July 2024.
36. Novinson, Michael (1 November 2021). "CrowdStrike To Buy Data Protection Startup SecureCircle". CRN. Archived from the original on 22 July 2024. Retrieved 10 June 2024.
37. "CrowdStrike Changes Principal Office to Austin, Texas". CrowdStrike. 28 December 2021. Archived from the original on 28 January 2022. Retrieved 2 February 2022.
38. Alspach, Kyle. "RSAC 2023 Sees Big Moves From SentinelOne, CrowdStrike, Google Cloud, Accenture | CRN". www.crn.com. Archived from the original on 22 July 2024. Retrieved 29 February 2024.
39. "CrowdStrike CEO George Kurtz on China, Microsoft and the SEC". CNBC. 14 December 2023. Archived from the original on 22 July 2024. Retrieved 19 July 2024.
40. Carson, Ed (9 June 2024). "CrowdStrike, KKR, GoDaddy To Join S&P 500 In Quarterly Rebalance; Stocks Jump". Investor's Business Daily. Archived from the original on 9 June 2024.
41. "CrowdStrike acquiring cyber startup Bionic for $350 million". CTech. 19 September 2023.
42. "CrowdStrike acquiring cyber startup Flow Security in $200 million deal". CTech. 6 March 2024. Archived from the original on 20 July 2024. Retrieved 19 July 2024.
43. Baran, Guru (19 July 2024). "CrowdStrike Update Pushing Windows Machines Into a BSOD Loop". Cyber Security News. Archived from the original on 19 July 2024. Retrieved 19 July 2024.
44. Sharwood, Simon. "CrowdStrike code update bricking Windows machines around the world". The Register. Archived from the original on 19 July 2024. Retrieved 19 July 2024.
45. CrowdStrike (20 July 2024). "Technical Details: Falcon Update for Windows Hosts | CrowdStrike". crowdstrike.com. Retrieved 20 July 2024.
46. Warren, Tom (19 July 2024). "Major Windows BSOD issue takes banks, airlines, and broadcasters offline". The Verge. Archived from the original on 19 July 2024. Retrieved 19 July 2024.
47. "CrowdStrike Holdings Inc CRWD:NASDAQ". cnbc.com. 29 January 2012. Archived from the original on 16 June 2024. Retrieved 19 July 2024.
48. "KB5042421: CrowdStrike issue impacting Windows endpoints causing an 0x50 or 0x7E error message on a blue screen - Microsoft Support". support.microsoft.com. Retrieved 20 July 2024.
49. Warren, Tom (19 July 2024). "Here's how IT admins are fixing the Windows Blue Screen of Death chaos". The Verge. Archived from the original on 20 July 2024. Retrieved 20 July 2024.
50. Warren, Tom (19 July 2024). "Microsoft on CrowdStrike outage: have you tried turning it off and on? (15 times)". The Verge. Archived from the original on 20 July 2024. Retrieved 20 July 2024.
51. "CrowdStrike Holdings, Inc. Class A Common Stock (CRWD)". nasdaq.com. Retrieved 22 July 2024.
52. Franceschi-Bicchierai, Lorenzo (24 July 2024). "CrowdStrike offers a $10 apology gift card to say sorry for outage". TechCrunch. Retrieved 24 July 2024.
53. Sato, Mia (19 July 2024). "CrowdStrike and Microsoft: all the latest news on the global IT outage". The Verge. Retrieved 14 August 2024.
54. Milmo, Dan; editor, Dan Milmo Global technology (25 July 2024). "CrowdStrike faces backlash as 'thank you' gift cards are blocked". The Guardian. ISSN 0261-3077. Retrieved 14 August 2024. {{cite news}}: |last2= has generic name (help)
55. Энжел-Ау Юнг (Angel-Au Jung) (20 March 2020). "Охотник на хакеров и враг Трампа: как миллионер из США ловит киберпреступников из России, Китая и Ирана" [Hacker hunter and Trump's enemy: how a millionaire from the United States catches cybercriminals from Russia, China and Iran]. Forbes (forbes.ru) (in Russian). Archived from the original on 28 September 2020. Retrieved 20 September 2024.
56. "Full transcript: FBI Director James Comey testifies on Russian interference in 2016 election". Archived from the original on 23 May 2017. Retrieved 22 May 2017.
57. "FBI Director Comey: Agency requested access to DNC server". CBS News. 10 January 2017. Archived from the original on 21 September 2019. Retrieved 19 July 2024.
58. "Russian hackers linked to DNC attack also targeted Ukrainian military, says report". theverge.com. 23 December 2016. Archived from the original on 17 November 2019. Retrieved 26 June 2019.
59. Noosphere engineering school (31 October 2015). "New brainchild of engineering school was tested by the armed forces". noosphereengineering.com. Archived from the original on 29 December 2017. Retrieved 28 December 2017.
60. Boldi (3 January 2017). "Technical details on the Fancy Bear Android malware (poprd30.apk)". Laboratory of Cryptography and System Security, Budapest University of Technology and Economics. Archived from the original on 9 February 2018. Retrieved 8 February 2018.
61. Kuzmenko, Oleksiy (23 March 2017). "Think Tank: Cyber Firm at Center of Russian Hacking Charges Misread Data". Voice of America. Archived from the original on 20 January 2018. Retrieved 20 December 2017.
62. "Group allegedly behind DNC hack targeted Ukraine, report finds". The Guardian. 22 December 2016. Archived from the original on 16 May 2017. Retrieved 19 July 2024.
63. Miller, Christopher (2 November 2017). "Fancy Bear Tried To Hack E-Mail Of Ukrainian Making Artillery-Guidance App". RadioFreeEurope. Archived from the original on 6 February 2018. Retrieved 8 February 2018.
64. Satter, Raphael (2 November 2017). "Russia hackers pursued Putin foes, not just US Democrats". Associated Press. Archived from the original on 2 April 2019. Retrieved 2 April 2019.
65. Miller, Christopher (2 November 2017). "'Fancy Bear' Tried To Hack E-Mail Of Ukrainian Making Artillery-Guidance App". Radio Free Europe/Radio Liberty. Archived from the original on 2 April 2019. Retrieved 2 April 2019.
66. Broderick, Ryan (26 September 2019). "Here's How Donald Trump Ended Up Referencing A Russian-Promoted 4chan Conspiracy Theory In His Call To The Ukrainian President". Buzzfeed News. Archived from the original on 8 October 2019. Retrieved 11 February 2024.
67. Sullivan, Eileen (25 September 2019). "How CrowdStrike Became Part of Trump's Ukraine Call". The New York Times. Archived from the original on 26 September 2019. Retrieved 11 February 2024.
68. Marks, Joseph (26 September 2019). "The Cybersecurity 202: Trump's CrowdStrike conspiracy theory shows he still doubts Russian election interference". The Washington Post. Retrieved 11 February 2024.
69. Bajak, Frank (13 November 2019). "Debunked Ukraine conspiracy theory is knocked down – again". Associated Press News. Archived from the original on 22 July 2024. Retrieved 11 February 2024.
70. Cillizza, Chris (30 September 2019). "Don't miss the totally debunked conspiracy theory Donald Trump pushed in the Ukraine call". CNN. Archived from the original on 26 February 2024. Retrieved 11 February 2024.
71. Collins, Ben (3 October 2019). "Trump seized on a conspiracy theory called the 'insurance policy.' Now, it's at the center of an impeachment investigation". NBC News. Archived from the original on 26 February 2024. Retrieved 11 February 2024.

External links

• Official website
• Business data for CrowdStrike Holdings, Inc.:
  • Bloomberg
  • Google
  • Reuters
  • SEC filings
  • Yahoo!