CrowdStrike Stock Tanks 15%, Set For Worst Day Since 2022

Shares of cybersecurity company CrowdStrike Holdings dropped 15% on Friday after the company's software update resulted in what may turn out to be the largest IT outage ever. CrowdStrike stock "is on pace for its steepest daily loss since November 2022 and its $290 low share price is the lowest intraday mark since April 25," reports Forbes. "CrowdStrike is on track for the third-worst day in its five-year history as a publicly traded company." From the report: Microsoft, which was swept up in the outage as the downed systems are those running CrowdStrike's cybersecurity applications and Microsoft's Windows software, also slumped, with its shares down about 1% to the $3.2 trillion behemoth's lowest share price since June 11. CrowdStrike competitor Palo Alto Networks enjoyed a 4% rally Friday, while the tech-heavy Nasdaq Composite stock index gained about 0.2%, held up by the likes of Microsoft rival Apple's 1% stock gain and a 1% rise for shares of Alphabet, which is reportedly in talks to buy cybersecurity firm Wiz for $23 billion.

The CrowdStrike selloff is "an overreaction to a temporary setback," Rosenblatt analyst Catharine Trebnick wrote in a note to clients Friday. It's a "compelling buying opportunity" as it "creates a window for investors to buy into a high-quality, growth-oriented cybersecurity company at a discounted valuation," Trebnick continued. To her point, CrowdStrike stock's relative valuation, according to its price-to-earnings ratio (P/E), which compares its market value to its projected profits over the next four quarters, fell Friday to its lowest number since April. Still, CrowdStrike's P/E of about 70 is very high for a company of its size, meaning investors will need to express significant confidence in the business' ability to grow earnings, a challenge if Friday's incident were to impact CrowdStrike's client base.

What does Lewis Hamilton think

[rossdee]

Crowdstrike is on of the Mercedes F1 sponsors

Re:

[Mr. Dollar Ton]

I'll bet he doesn't even know who they are. You should be asking the Ashley Barret responsible for marketing at Mercedes F1 about it.

Re: What does Lewis Hamilton think

[Z00L00K]

He might care if the team uses Crowdstrike since then it will impact him.

Re:

[Mr. Dollar Ton]

I don't think he knows who his minor sponsors are, nor is he vetting them personally.

Is it big news anyway? I only read about this "crowdstrike" thing on slashdot, which makes it a pretty fringe thing.

Re: What does Lewis Hamilton think

[dwater]

You're joking, right?

Re:

[Mr. Dollar Ton]

Nah, I just kinda missed the big news. Caught up already, laughed a bit at the Windows ecosystem working as usual, glad I didn't catch any of the fallout this time around.

Re:

[93 Escort Wagon]

Is it big news anyway? I only read about this "crowdstrike" thing on slashdot, which makes it a pretty fringe thing.

I'm guessing you don't work in IT (nothing wrong with that). Fortunately we don't use the software in my department; but the entire hospital where my wife works was just about brought to a standstill - they had to go back to charting on paper, mostly couldn't get into Epic (she said there were 6 computers across the entire hospital that were functional but read-only), etc. Also thousands of flights across the US were cancelled, and many banks couldn't do business... the problems were everywhere.

Re:

[Mr. Dollar Ton]

Not anymore, besides we're having huge forest fires where I am, and I've been helping out by shoveling dirt for days, so kinda missed the scale of the regular complete Windows ecosystem crash.

But looking at the news, yeah, it is bad. Mind-boggling it was allowed to happen yet again, but it seems spying on your workforce would justify just about anything. Too bad for the patients and the people that take care of them, they don't have it easy even without this kind of crap.

Re:

[Ol Olsoc]

Is it big news anyway? I only read about this "crowdstrike" thing on slashdot, which makes it a pretty fringe thing.

I'm guessing you don't work in IT (nothing wrong with that). Fortunately we don't use the software in my department; but the entire hospital where my wife works was just about brought to a standstill - they had to go back to charting on paper, mostly couldn't get into Epic (she said there were 6 computers across the entire hospital that were functional but read-only), etc. Also thousands of flights across the US were cancelled, and many banks couldn't do business... the problems were everywhere.

My favorite part is this:

"The CrowdStrike selloff is "an overreaction to a temporary setback," Rosenblatt analyst Catharine Trebnick wrote in a note to clients Friday. It's a "compelling buying opportunity" as it "creates a window for investors to buy into a high-quality, growth-oriented cybersecurity company at a discounted valuation"

Silly little things like the airline industry grounding itself, healthcare institutions and prescription dispensaries with critical computerized structures losing those devi

Re:

[HiThere]

It's still probably good advice as long as you sell again once the price recovers.

You didn't go anwyhere or read the news?

[_merlin]

Banks, supermarkets and airlines had widely publicised outages, as well as various cloud application providers including Microsoft themselves.

Re:

[rossdee]

Last season he did a TV ad for them

at 210mph you don't have time to think about computer security
or something like that

and the team was impacted by their computers going down on friday, but they had sorted it out before FP1

Re:What does Lewis Hamilton think

[Briareos]

It doesn't get any better than the Mercedes F1 pit crew with CrowdStrike shirts and a BSoD on their screens [bbc.com]...

Terminate his command.

[fuzzyfuzzyfungus]

This seems like a case for broad agreement that Kurtz' methods have become unsound; and that he's out there operating without any decent restraint, totally beyond the pale.

Re: Terminate his command.

[Fortnite_Beast]

Apocalypse Now?

Re:

[zeiche]

what?? really? firing the dude seems so natural, that was the first thing i thought of. i didn’t need The Internet to tell me that. give me and fuzzyfyzzyfungus a break! wow. wow.

do you just complain for the sake of it?

wow.

damn.

Re:

[fuzzyfuzzyfungus]

You are correct to note that an issue like this doesn't arise because of a mistake. It takes a system riddled with mistakes and potential for dangerously easy mistakes to fall over when just one thing goes wrong.

That's why I suggested firing the CEO, who is supposed to be the steering-the-big-picture dude, rather than hunting down whatever peon had the misfortune of pressing the button on this specific update and pretending that scapegoating him would be some sort of progress.

Plus, Kurtz is the only o

Wait for the lawsuits

[cygnusvis]

Lawsuits will start trickling in and every other day will be the worst day untill its bankrupt.

Homer voice

[Xenographic]

"It's the worst day so far" is pretty much what I'm thinking too.

Re:Wait for the lawsuits

[leonbev]

Do you really think so? Unless they had idiots write their EULA, I'd imagine that they have multiple clauses in there that protect them lawsuits or financial damages from using their products. They kind of need that liability protection, too, as antivirus products can be dangerous if used incorrectly. If they incorrectly flag one critical OS file as malware in a set of global AV definitions, they can easily cause another widespread outage like this one.

I'll bet that they'll get off fairly easy, like they have to provide a "free" annual license renewal for their biggest customers that threaten to go elsewhere. IT will be pissed off by this decision, but we all know that the executives rarely pass up on a chance to cut their IT costs. They'll probably have to take a quarterly charge for those lost earnings, but it will probably be business as usual until they screw up in some new innovative way a few years from now. By then, they probably will have merged with another cybersecurity company and their product will have a different name. Only the old greybeard sysadmins will remember that the two outages are related.

Re:Wait for the lawsuits

[upuv]

Lawsuits will happen. Even if the the contract attempts to insulate Crowdstrike.

With the massive losses being soaked up by some corporations around the world because of this they will sue no matter what is in the contract.

With lawsuits coming in and more to come for well the foreseeable future no other company will even remotely think about touching Crowdstrike. The potential liabilities that will be attached to any purchase/merger type arrangement are too large. So Crowdstrike has to soak this up.

It will take a small miracle for Crowdstrike to survive this. As new revenue is effectively gone for a good long while now. Sales and renewals pipelines are instantly scrapped. For the near future only those large Enterprises that can't rapidly migrate away will stay on Crowdstrike. ( That's actually a lot of corps that will stay on Crowdstrike. )

Crowdstrike is going to have to cut prices and change the contracts such that Crowdstrike is no longer protected just to maintain business.

Businesses now are going to seriously reconsider thier endpoint strategy. I personally see a number of alternate endpoint scenarios coming out of this.

Just one of the scenarios is that a lot of orgs are going to seriously look at removing Windows from Kiosk type endpoints. And on the server side windows deployment that aren't fully DevOps enabled are going to get some serious attention.

It's not lawsuits you worry about

[rsilvergun]

It's that after a crash of this magnitude they are going to have to either compensate customers or lose those customers. Those customers are going to be able to renegotiate contracts with a shit ton of leverage. It's going to cost a company a fortune Even without lawsuits.

Re:Wait for the lawsuits

[torkus]

Corporate contracts typically vary from standard EULA ... and overrule it, since the company is licensing the software and not the user clicking OK (if they even see the installer at all).

I doubt you manage any kind of vendor relationship TBH of you'd know this. Companies regularly include means managing risk/damages of various kinds but they rarely can include complete damage waivers (or without specifying a damage limit). I wasn't a reviewer for CS licensing at my company but i've seen plenty of others. They're almost certain to have some potential liability - under gross negligence if nothing else which courts generally agree can never be waived.

Moreso, their multi-year contracts certainly have some form exception or clause to quit in the face of failure to deliver.

Aaaaand lastly - they're almost certain to have near-zero new contracts signed for a while. Anyone about to sign up is certain pause at minimum.

Re:

[HiThere]

Others have said that "there's not much competition in this niche" and "it is often legally required to check this box".
If those statements are correct, then I doubt they'll lose as much business as you assert. (Yeah, they *should*, but that's not "will".)

OTOH, they may be able to escape any insulating terms in the contract on the grounds that they were "required to use" the software. IANAL, so this is just a guess. I'm sure many corps. will try.

Re:Wait for the lawsuits

[organgtool]

I wonder if they can be sued by clients of Crowdstrike's customers. Those clients aren't bound by contracts between Crowdstrike and their customers and they can likely prove real damages as a result of the widespread outage.

Re:

[Njovich]

Do you really think so? Unless they had idiots write their EULA, I'd imagine that they have multiple clauses in there that protect them lawsuits or financial damages from using their products.

That's too simple. First of all for contracts like this you have a combination of EULA, SLA and project agreements. Crowdstrike is about major corporations and governments and they tend to be very picky about what they sign so it depends on what's in those contracts. Then crowdstrike may very well be in breach of their

Re:

[Bongo]

Lawsuits from investors

As in, your shoddy management led to bad practices which directly caused my losses in the shares I bought.

Re: Wait for the lawsuits

[djp2204]

IANAL but I would think that since they shut down health care facilities and emergency responders, there will be triable facts for people who were seriously injured as a result of this. It is minimally a gross negligence claim. Patients and crime victims did not sign that eula and are not bound by its terms.

Re:

[walkerp1]

Yeah, this looks like an easy case for a short sell. The company's position is "This is a great opportunity for a buy." Well, it is and it isn't. If you completely ignore the albatross hanging about its neck, then it seems solid from standard evaluation metrics. But why even bother with that hypothetical line of thinking? Legally, you can't just say "Click here and we're not responsible for anything" and have it stick. It's nonsense, especially when you push out a dangerous update without even a basic reboo

Re:

[larwe]

Most large IT consumers (i.e. Crowdstrike's target demographic) have supplier agreements that mandate the vendor (Crowdstrike) to maintain a minimum amount of product liability insurance - typically in the millions of dollars coverage. Depending on the per-incident/per victim terms of their insurance policy, there might be a _considerable_ amount of Crowdstrike's financial exposure cushioned by their insurance carrier. It would be a mistake to assume that the ramifications of this incident will drain the co

Re:

[zeiche]

pretty sure there is plenty of wiggle room in all their contracts that CS can wiggle out of any litigation.

however, if companies banded together and separately get their cases dismissed.

Re:

[granaiogeek]

John McAfee's revenge from beyond the grave?

temporary setback

[fadethepolice]

if you are in cybersecurity and your update crashes the internet your contracts need to be re examined

Re:

[ChunderDownunder]

Well, that too. But serious questions should be put to Microsoft.

How, after 3 decades of the NT kernel, can third party vendor software cause a BSOD?

Maybe focus less on data-mining their users with ChatGPT for Windows 12 and focus on sand-boxing of drivers via Hyper-V?

Re:

[torkus]

Because, out of necessity, this software operates at kernel level. It has to, by default, have the ability to block any file, memory, or command by any software anywhere across the OS. If there was somewhere it couldn't monitor that would become an obvious attack surface.

So honestly, their update could have just blocked some common but critical base-OS file instead of blocking a known-infected version of the same. More complied? yes. Close enough though.

Re:

[larwe]

I have been making the "bad signature causing false match" assumption too, but I haven't actually read anything from a definitive source that confirms this. The CEO simply said it was "improperly formatted". This could be something as utterly dumb as a missing curly bracket or quotation mark in some XML which crashes their parser during system startup and somehow prevents boot from proceeding.

Re:

[Ol Olsoc]

Because, out of necessity, this software operates at kernel level. It has to, by default, have the ability to block any file, memory, or command by any software anywhere across the OS. If there was somewhere it couldn't monitor that would become an obvious attack surface.

So honestly, their update could have just blocked some common but critical base-OS file instead of blocking a known-infected version of the same. More complied? yes. Close enough though.

It's not like companies having kernel level modification isn't a fine attack surface.

Let's say we look beyond ransomware. Let's say we are looking to bring down systems of our adversaries. Crowdstrike has done the research for the bad guys.

Microsoft should bake this needed solution into their OS, not rely on others. Even if this product needs kernal access, Microsoft should have the kernal mods tested and approved, before it gets pushed out. Meanwhile, if this was a state actor effort, it would have be

Re:

[HiThere]

If this was a state actor action, it would NOT be considered a success. It exposed a valuable attack method, that should be reserved for a better time. (There are probably lots of those being reserved. Every zero-day that's exposed is potentially causing one of those to be fixed.)

Re:

[Ol Olsoc]

If this was a state actor action, it would NOT be considered a success. It exposed a valuable attack method, that should be reserved for a better time. (There are probably lots of those being reserved. Every zero-day that's exposed is potentially causing one of those to be fixed.)

My best guess is that you are correct about reserved attacks. If one company has the keys to the Microsoft Kingdom, there are no doubt many other really awesome points that can be brought down quite simply.

Talking with my son today, the business he works at was hit hard, and they are still recovering from it.

Microsoft - total security by making your machine inoperative - by design! Not purposeful design, but the OS is still designed that it just looks like design.

I'm amazed it's only 15 percent

[Traf-O-Data-Hater]

I would have imagined 25 to 50 percent. Seems they are getting off pretty darn lightly to me.

Re:

[Tony Isaac]

It's not over yet.

Re:

[Vlad_the_Inhaler]

By the end of the day the drop was "only" 11.1% ($304.96). To put this in some kind of perspective, it was around that level about a week into June and it was down at $281.40 in late April (and $144 last August). Yes it has been over $398 earlier this month, but so far the fluctuation has been nothing special.

Re:

[torkus]

This is only day one...when plenty of trading firms were down or limited because of the very same computer outages.

Everyone was too busy getting back online for the bare minimum ... I think we'll see this hitting market circuit breakers Monday. Particularly since every-fucking-one will be working the whole weekend recovering stuff and have plenty of time to be really, really pissed off.

Re:I'm amazed it's only 15 percent

[mrfaithful]

I would have imagined 25 to 50 percent. Seems they are getting off pretty darn lightly to me.

Not that I'm some kind of trading expert, but I've seen this a few times. An event causes a stock to drop rapidly, this triggers the stop-loss triggers set by other traders which deepens the drop by automatic selling but at the same time less plugged-in traders don't disable their automatic buy orders so they wind up stabilising the freefall by accident because they had a "buy X when it reaches $Y." You also have the options traders covering positions for good or bad. Unless something happens to restore confidence in the stock, you can expect to see a 2nd large drop on the next trading day as all those unattended operations are no longer there to arrest the fall. At that point you can expect the circuit breaker to trip and trading gets halted.

Re:

[eneville]

People didn't know who CrowdStrike were. They do now, so there's speculation and investment after this free advertising.

IT people will run from them, others will see them like Norton/McAfee/Trend.

Re:

[botmaster42]

Guessing you don't do IT security. I would not put Trend into the same bucket as the other two. Trend has been a top player for well over 20 years. They find so many 0 days per year (and protect against them). They have consumer products and corporate products. Their corporate products are NOT norton or McAfee level. Outside the USA they heavily used in many industries. Just look up ZDI sometime. There are a ton of details this is just one single metric: ZDI provided Microsoft with 20% of all their

Re:

[eneville]

Guessing you don't do comprehension. I said "IT people will run from them, others will see them like Norton/McAfee/Trend.".

In other words, techies will remember the fault, other people will buy them as arse covering.

Re:

[Methuselah2]

Mine too. I chuckled when I read that 15 sequential reboots of Windows would fix the problem.

Re:

[torkus]

MY systems were fine today, because I use Linux.

So even the software BUGS aren't compatible with your OS ...

Consistent at least.

Re: Hey

[bjoast]

Many EDR solutions support Linux. CrowdStrike Falcon for example.

Re:

[Anonymous Coward]

Maybe us poor dumb sonsabitches been telling the same story about the ol' billywindows for the last 30 years had a point, huh?

We'll always remember the day crashware fucked the world.

MY systems were fine today, because I use Linux.

Crowdstrike has done something similar with Linux too, a few months ago

https://news.ycombinator.com/i... [ycombinator.com]

This guy posted this right before the big BSOD!

[n0w0rries]

https://www.reddit.com/r/walls... [reddit.com]

Thesis: Crowdstrike is not worth 93 billion dollars (at time of writing).

Fear: CrowdStrike is an enterprise-grade employee spying app masquerading as a cloud application observability dashboard.

OBSERVATIONS

The 75th percentile retail investor has a tenuous grasp on “Cloud”, “Software Engineering”, and “Cyber Security”.

The median “Cyber Security Analyst” has a tenu

Re:

[Luckyo]

That's just the first day fallout. Once people start tallying the losses, total value of the company if liquidated may not be enough to pay everyone off.

Remember, this isn't "but muh EULA" bullshit. This is B2B for fortune 500. That means actual liability clauses, with uptime mandates, required insurance and so on. And I'm betting whatever insurance Crowdstrike has is going to have woefully insufficient coverage for this hilarity. And people coming for blood are going to be a lot of fortune 500 companies, w

Re: Tiny amount down for many

[DingerX]

I wouldn't even be surprised if the insurers refused to pay out on this one. It's like a fire prevention company deploying a smoke detector that, at the same time around the world, does an auto-test that, due to a design flaw, disables the detector and starts a fire. No amount of "use this device at own risk. We will not cover fire damage costs incurred by using this product" is gonna fly. Liability insurance might cover something, but not a failure to follow basic software security practices. And, even the

Re:

[Luckyo]

More likely insurer will pay out the liability up to maximum available and then go after Crowdstrike to recoup losses.

Oh, the Irony!

[organgtool]

So a cybersecurity company causes an outage greater than any malware has ever caused and somehow they retain 85% of their value. Exactly what are they offering that justifies that value?

Re:

[Anne Thwacks]

Exactly what are they offering that justifies that value?

bullshit - the most valuable commodity in the corporate world!

Te businesses who were affected by this outage had one thing in common - they were all Microsoft paying customers

Remember - if you keep doing the same thing, you will keep getting the same results.

All my employees know they will be dismissed immediately if caught using Windows on the company's premises.

Re:

[drinkypoo]

Exactly what are they offering that justifies that value?

Legal compliance. If you have their crap installed and you get breached you can point at it and say look, I did everything I could.

Re:

[organgtool]

That's what they had. And I doubt there is no other alternative that could provide that compliance. I know if I was an IT director, I wouldn't want anything by Crowdstrike on my systems ever again. It's not just that they made a mistake - everyone screws up from time to time. In fact, this may cause them to change their process to one that's superior to all others just to avoid a similar situation in the future. But if their next mistake does turn out to be anywhere near as bad as this one, I'll have t

Re:

[drinkypoo]

I know if I was an IT director, I wouldn't want anything by Crowdstrike on my systems ever again.

I agree, but I feel the same way about Windows, and if I were an IT director I still probably wouldn't have a choice about that either.

So the market thinks they don't have to pay...

[Casandro]

for their damages. That's probably reasonable, since their companies knew what they were getting into. After all CrowdStrike didn't exactly hide the fact that they were selling "Endpoint Security" software.

It's like selling mercury as mercury and your customers mixing it into their food and complaining that it makes the food taste bad and it makes them ill.

Only Fifteen Percent?

[bjwest]

I wonder how far it'll fall when the class action suite for negligence starts rolling in. There is no way in hell there is no negligence involved in this update, and a hell of a lot of big players are effected by this blunder.

Nothin'

[byronivs]

Nothing a few 9th hole blowjobs, club memberships, coke, hookers, and straight up cash won't fix in due time. Daddy would never let that happen to the good people of the world. Business!

Re:

[freeze128]

Where do you golf?

Time to open that golden parachute

[chas.williams]

Because if you don't leave the company soon, you will be headed toward Capitol Hill for the grilling of a lifetime.

fired

[groobly]

Crowdstrike and Cheatle both need to be fired, and for similar reasons.

There was a simple way to aviod this

[gettin2old]

While Crowdstrike did screw the pooch on this one they do provide a simple way of preventing this or at the least reducing the changes of it. I woke up with everyone panicking and I didn't get a blip or alert.

The customer is responsible for setting up their sensor update schedules. You have to pick (again as the customer) when you are creating you update schedule to update to the "Auto Latest" update or "Auto N-1" release. Why would you have your production systems on the latest release? Test servers