This article contains content that is written like an advertisement .(March 2024) |
Company type | Public |
---|---|
| |
Industry | Information security |
Founded | 2011 |
Founders |
|
Headquarters | Austin, Texas, U.S. |
Key people | George Kurtz (CEO) |
Products |
|
Revenue | US$2.241 billion (2023) |
US$−190 million (2023) | |
US$−183 million (2023) | |
Total assets | US$5.027 billion (2023) |
Total equity | US$1.464 billion (2023) |
Number of employees | 7,273 (2023) |
Website | crowdstrike |
Footnotes /references Financials as of January 31,2023 [update] . [2] |
CrowdStrike Holdings, Inc. is an American cybersecurity technology company based in Austin, Texas. It provides cloud workload and endpoint security, threat intelligence, and cyberattack response services. [3] [4] The company has been involved in investigations of several high-profile cyberattacks, including the 2014 Sony Pictures hack, the 2015–16 cyber attacks on the Democratic National Committee (DNC), and the 2016 email leak involving the DNC. [5] [6]
CrowdStrike was co-founded by George Kurtz (CEO), Dmitri Alperovitch (former CTO), and Gregg Marston (CFO, retired) in 2011. [7] [8] [9] [10] In 2012, Shawn Henry, a former Federal Bureau of Investigation (FBI) official, was hired to lead the subsidiary CrowdStrike Services, Inc., which focused on proactive and incident response services. [11] [12] In June 2013, the company launched its first product, CrowdStrike Falcon, which provided endpoint protection, threat intelligence and attribution. [13] [14]
In May 2014, CrowdStrike's reports assisted the United States Department of Justice in charging five Chinese military hackers for economic cyber espionage against United States corporations. [15] CrowdStrike also uncovered the activities of Energetic Bear, a group connected to the Russian Federation that conducted intelligence operations against global targets, primarily in the energy sector. [16]
After the Sony Pictures hack, CrowdStrike uncovered evidence implicating the government of North Korea and demonstrated how the attack was carried out. [17] In 2014, CrowdStrike played a major role in identifying members of Putter Panda, the state-sponsored Chinese group of hackers also known as PLA Unit 61486. [18] [19]
In May 2015, the company released information about VENOM, a critical flaw in an open-source hypervisor called Quick Emulator (QEMU), that allowed attackers to access sensitive personal information. [20] [21] In October 2015, CrowdStrike announced that it had identified Chinese hackers attacking technology and pharmaceutical companies around the time that US President Barack Obama and China's Paramount leader Xi Jinping publicly agreed not to conduct economic espionage against each other. The alleged hacking would have been in violation of that agreement. [22]
CrowdStrike released research in 2017 showing that 66 percent of the attacks the company responded to that year were fileless or malware-free. The company also compiled data on the average time needed to detect an attack and the percentage of attacks detected by organizations. [23]
In February 2018, CrowdStrike reported that, in November and December 2017, it had observed a credential harvesting operation in the international sporting sector, with possible links to the cyberattack on the opening ceremonies of the Winter Olympics in Pyeongchang. [24] That same month, CrowdStrike released research showing that 39 percent of all attacks observed by the company were malware-free intrusions. The company also named which industries attackers most frequently targeted. [25] That March, the company released a version of Falcon for mobile devices and launched the CrowdStrike store. [26]
In January 2019, CrowdStrike published research reporting that Ryuk ransomware had accumulated more than $3.7 million in cryptocurrency payments since it first appeared in August. [27] [28]
According to CrowdStrike's 2018 Global Threat Report, Russia has the fastest cybercriminals in the world. [29] [30] The company also claimed that, of 81 named state-sponsored actors it tracked in 2018, at least 28 conducted active operations throughout the year, with China being responsible for more than 25 percent of sophisticated attacks. [31]
In September 2020, CrowdStrike acquired zero trust and conditional access technology provider Preempt Security for $96 million. [32]
In March 2021, CrowdStrike acquired Danish log management platform Humio for $400 million. [33] Official CrowdStrike releases noted that the acquisition is to further their XDR capability.
In November 2021, CrowdStrike acquired SecureCircle for $61 million, a SaaS-based cybersecurity service that extends Zero Trust security to data on, from and to the endpoint. [34]
In December 2021, CrowdStrike moved its headquarters location from Sunnyvale, California to Austin, Texas. [35]
In March 2023, CrowdStrike released the ninth annual edition of the cybersecurity leader's seminal report citing surge in global identity thefts. [36]
In 2023, CrowdStrike introduced CrowdStream service in collaboration with Cribl. [37]
In July 2015, Google invested in the company's Series C funding round, which was followed by Series D and Series E, raising a total of $480 million as of May 2019. [38] [39] [40] In 2017, the company reached a valuation of more than $1 billion with an estimated annual revenue of $100 million. [41] In June 2018, the company said it was valued at more than $3 billion. [39] Investors include Telstra, March Capital Partners, Rackspace, Accel Partners and Warburg Pincus. [42] [43]
In June 2019, the company made an initial public offering (IPO) on the NASDAQ. [44] [45]
CrowdStrike helped investigate the Democratic National Committee cyberattacks and a connection to Russian intelligence services. On March 20, 2017, James Comey testified before congress stating, "CrowdStrike, Mandiant, and ThreatConnect review[ed] the evidence of the hack and conclude[d] with high certainty that it was the work of APT 28 and APT 29 who are known to be Russian intelligence services." [46]
In December 2016, CrowdStrike released a report stating that Russian government-affiliated group Fancy Bear had hacked a Ukrainian artillery app. [47] They concluded that Russia had used the hack to cause large losses to Ukrainian artillery units. The app (called ArtOS) is installed on tablet PCs and used for fire-control. [48] CrowdStrike also found a hacked variation of POPR-D30 being distributed on Ukrainian military forums that utilized an X-Agent implant. [49]
The International Institute for Strategic Studies rejected CrowdStrike's assessment that claimed hacking caused losses to Ukrainian artillery units, saying that their data on Ukrainian D30 howitzer losses was misused in CrowdStrike's report. The Ukrainian Ministry of Defense also rejected the CrowdStrike report, stating that actual artillery losses were much smaller than what was reported by CrowdStrike and were not associated with Russian hacking. [50]
Cybersecurity firm SecureWorks discovered a list of email addresses targeted by Fancy Bear in phishing attacks. [51] The list included the email address of Yaroslav Sherstyuk, the developer of ArtOS. [52] Additional Associated Press research supports CrowdStrike's conclusions about Fancy Bear. [53] Radio Free Europe notes that the AP report "lends some credence to the original CrowdStrike report, showing that the app had, in fact, been targeted." [54]
In the Trump–Ukraine scandal, a transcript of a conversation between Donald Trump, the former president of the United States, and Volodymyr Zelensky, the president of Ukraine, had Trump asking Zelensky to look into a conspiracy theory appearing on far-right websites such as Telegram and Breitbart.com [55] regarding CrowdStrike - namely, that the Ukrainian government used Crowdstrike to hack into the Democratic National Committee's servers in 2016 and framed Russia for the crime in order to undermine Trump's victory in the 2016 presidential election. [56] [57] The conspiracy theory has been repeatedly debunked. [58] [59] [60]
Since March 2021 CrowdStrike has been the official sponsor of the Formula One safety car, the Mercedes-AMG GT R. [64] In 2022, it was announced that Crowdstrike would become the title sponsor of the 24 Hours of Spa endurance race from 2023 onwards. [65]
Computer security, cybersecurity, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.
A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.
Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov, some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."
Trellix is a privately held cybersecurity company that was founded in 2022. It has been involved in the detection and prevention of major cybersecurity attacks. It provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyze IT security risks.
Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.
An advanced persistent threat (APT) is a stealthy threat actor, typically a state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.
Cyberwarfare is the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. As a major developed economy, the United States is highly dependent on the Internet and therefore greatly exposed to cyber attacks. At the same time, the United States has substantial capabilities in both defense and power projection thanks to comparatively advanced technology and a large military budget. Cyber warfare presents a growing threat to physical systems and infrastructures that are linked to the internet. Malicious hacking from domestic or foreign enemies remains a constant threat to the United States. In response to these growing threats, the United States has developed significant cyber capabilities.
Palo Alto Networks, Inc. is an American multinational cybersecurity company with headquarters in Santa Clara, California. The core product is a platform that includes advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security. The company serves over 70,000 organizations in over 150 countries, including 85 of the Fortune 100. It is home to the Unit 42 threat research team and hosts the Ignite cybersecurity conference. It is a partner organization of the World Economic Forum.
Dmitri Alperovitch is an American think-tank founder, author, investor, philanthropist, podcast host and former computer security industry executive. He is the chairman of Silverado Policy Accelerator, a geopolitics think-tank in Washington, D.C., and a co-founder and former chief technology officer of CrowdStrike. Alperovitch is a naturalized U.S. citizen born in Russia who came to the United States in 1994 with his family.
A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organizations and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyber weapon. Cyberattacks have increased over the last few years. A well-known example of a cyberattack is a distributed denial of service attack.
Cozy Bear, classified by the United States federal government as advanced persistent threat APT29, is a Russian hacker group believed to be associated with one or more intelligence agencies of Russia. The Dutch General Intelligence and Security Service (AIVD) deduced from security camera footage that it is led by the Russian Foreign Intelligence Service (SVR), a view shared by the United States. Cybersecurity firm CrowdStrike also previously suggested that it may be associated with either the Russian Federal Security Service (FSB) or SVR. The group has been given various nicknames by other cybersecurity firms, including CozyCar, CozyDuke, Dark Halo, The Dukes, Midnight Blizzard, NOBELIUM, Office Monkeys, StellarParticle, UNC2452, and YTTRIUM.
Fancy Bear, also known as APT28, Pawn Storm, Sofacy Group, Sednit, Tsar Team and STRONTIUM or Forest Blizzard, is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. The UK's Foreign and Commonwealth Office as well as security firms SecureWorks, ThreatConnect, and Mandiant, have also said the group is sponsored by the Russian government. In 2018, an indictment by the United States Special Counsel identified Fancy Bear as GRU Unit 26165. This refers to its unified Military Unit Number of the Russian army regiments. The headquarters of Fancy Bear and the entire military unit, which reportedly specializes in state-sponsored cyberattacks and decryption of hacked data, were targeted by Ukrainian drones on July 24, 2023, the rooftop on one of the buildings collapsed as a result of the explosion.
Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them between 2010 and 2021. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and ZINC or Diamond Sleet. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.
The Democratic National Committee cyber attacks took place in 2015 and 2016, in which two groups of Russian computer hackers infiltrated the Democratic National Committee (DNC) computer network, leading to a data breach. Cybersecurity experts, as well as the U.S. government, determined that the cyberespionage was the work of Russian intelligence agencies.
X-Agent or XAgent is a spyware and malware program designed to collect and transmit hacked files from machines running Windows, Linux, iOS, or Android, to servers operated by hackers. It employs phishing attacks and the program is designed to "hop" from device to device. In 2016, CrowdStrike identified an Android variant of the malware for the first time, and claimed that the malware targeted members of the Ukrainian military by distributing an infected version of an app to control D-30 Howitzer artillery. The Ukrainian army denied CrowdStrike's report and stated that losses of Howitzer artillery pieces had "nothing to do with the stated cause".
Petya is a family of encrypting malware that was first discovered in 2016. The malware targets Microsoft Windows–based systems, infecting the master boot record to execute a payload that encrypts a hard drive's file system table and prevents Windows from booting. It subsequently demands that the user make a payment in Bitcoin in order to regain access to the system.
George Kurtz is the co-founder and CEO of cybersecurity company CrowdStrike and an American racing driver. He was also the founder of Foundstone and chief technology officer of McAfee.
Cisco Talos, or Cisco Talos Intelligence Group, is a cybersecurity technology and information security company based in Fulton, Maryland. It is a part of Cisco Systems Inc. Talos' threat intelligence powers Cisco Secure products and services, including malware detection and prevention systems. Talos provides Cisco customers and internet users with customizable defensive technologies and techniques through several of their own open-source products, including the Snort intrusion prevention system and ClamAV anti-virus engine.
Sandworm is an advanced persistent threat operated by Military Unit 74455, a cyberwarfare unit of the GRU, Russia's military intelligence service. Other names for the group, given by cybersecurity researchers, include Telebots, Voodoo Bear, IRIDIUM, Seashell Blizzard, and Iron Viking.
In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches. The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration in which the hackers had access. Within days of its discovery, at least 200 organizations around the world had been reported to be affected by the attack, and some of these may also have suffered data breaches. Affected organizations worldwide included NATO, the U.K. government, the European Parliament, Microsoft and others.