trekkie1701c

One thing I haven't seen mentioned with CrowdStrike is that, although this isn't malicious, a company has just shown off that it has kernel-level access to a bunch of critical systems around the world and is willing to just run code with that access on everyone's computers without even giving it a once-over glance.

So if you wanted to get a bunch of backdoors into things because you're a nation-state cybersecurity team/hacker group/bored troublemaker who wants to see the world burn/etc., they've just shown themselves to be a great firm to do so with.

2 comments
Paul L

@trekkie1701c
Do you remember the SolarWinds incidents? Not exactly the same, as it's primarily network monitoring rather than security.
However, that means it often has access to at least enumerate a bunch of internal infrastructure and potentially run batches of commands on managed switches.
Windows+SQLServer and their own update mechanism delivered executables that were already infected.

Rogan Dawes

@trekkie1701c also suggests that people will run just about anything if the disaster is big enough, and someone holds out promise of a rescue.
