Shares of CrowdStrike fell 5% in premarket trading on Wall Street today, extending their streak of losses, after several analysts downgraded the stock on concerns over the financial fallout from the global cyber outage last week.
CrowdStrike's glitchy update to its security software affected computers powered by Microsoft's Windows operating system, disrupting internet services across the globe and leaving people without access to banking or healthcare services.
Microsoft said on Saturday that about 8.5 million Windows devices, or less than 1% of all Windows machines, were affected.
Services across industries gradually came back online later on Friday but companies were dealing with backlogs, delays, canceled flights and other issues, raising questions on how to avoid such a situation in the future and whether such critical software should remain in the hands of a few companies.
CrowdStrike will likely face resistance in signing new deals in the near term as a result of the anticipated fallout from the quality assurance issue which caused the massive tech outage, Guggenheim analysts said on Sunday.
"While the outage could remain a near-term overhang, we believe CrowdStrike will emerge as a stronger company as this was not a breach, but rather a significant breakdown in process," RBC Capital Markets analysts said.
At least six brokerages have cut their price targets on CrowdStrike, with two more downgrading the stock's rating to "neutral" from "buy".
The outage triggered an 11% drop in CrowdStrike's shares on Friday.
Shares of cybersecurity rivals Palo Alto Networks, Sentinel One and Fortinet were up between 1% and 3% in premarket trading today.
Meanwhile, security experts said CrowdStrike's routine update of its widely used cybersecurity software, which caused clients' computer systems to crash globally on Friday, apparently did not undergo adequate quality checks before it was deployed.
The latest version of its Falcon sensor software was meant to make CrowdStrike clients' systems more secure against hacking by updating the threats it defends against.
But faulty code in the update files resulted in one of the most widespread tech outages in recent years for companies using Microsoft'sWindows operating system.
Global banks, airlines - including Ryanair - hospitals and government offices were disrupted.
CrowdStrike released information to fix affected systems, but experts said getting them back online would take time as it required manually weeding out the flawed code.
"What it looks like is, potentially, the vetting or the sandboxing they do when they look at code, maybe somehow this file was not included in that or slipped through," said Steve Cobb, chief security officer at Security Scorecard, which also had some systems impacted by the issue.
Problems came to light quickly after the update was rolled out on Friday, and users posted pictures on social media of computers with blue screens displaying error messages. These are known in the industry as "blue screens of death."
We need your consent to load this rte-player contentWe use rte-player to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences
Patrick Wardle, a security researcher who specialises in studying threats against operating systems, said his analysis identified the code responsible for the outage.
The update's problem was "in a file that contains either configuration information or signatures," he said.
Such signatures are code that detects specific types of malicious code or malware.
"It's very common that security products update their signatures, like once a day... because they're continually monitoring for new malware and because they want to make sure that their customers are protected from the latest threats," he said.
The frequency of updates "is probably the reason why (CrowdStrike) didn't test it as much," he said.
It is unclear how that faulty code got into the update and why it was not detected before being released to customers.
"Ideally, this would have been rolled out to a limited pool first," said John Hammond, principal security researcher at Huntress Labs.
"That is a safer approach to avoid a big mess like this."
Other security companies have had similar episodes in the past. McAfee's buggy antivirus update in 2010 stalled hundreds of thousands of computers.
But the global impact of this outage reflects CrowdStrike's dominance.
Over half of Fortune 500 companies and many government bodies such as the top US cybersecurity agency itself, the Cybersecurity and Infrastructure Security Agency, use the company's software.
