New McAfee research shows by the numbers how attackers could manipulate the stock market
It’s Microsoft’s Patch Tuesday, and according to new research, someone out there is actually profiting from it in the stock market.
Making money in the stock market sounds like an oxymoron today given the global financial crisis, but new research published in the fall issue of the McAfee Security Journal demonstrates how Microsoft’s stock dips on Patch Tuesday, but then rebounds the following day. It's likely some people capitalize on this in their stock transactions, the article says.
“At the very least, it appears that there is a correlation between Microsoft stock price fluctuations and the Patch Tuesday release cycle,” writes Anthony Bettini, a member of the McAfee Avert Labs senior management team.
Another “financial engineering” scam could allow attackers to use zero-day threats as a way to make money in the equities and derivatives markets, he says. “It is possible people are already using zero-day threats for financial gain, not simply for embedding them within password-stealing Trojans but for taking short or options positions in equities and derivatives,” he writes.
Dave Marcus, director of security research and communications for McAfee Avert Labs, says Bettini’s research on hackers making money off of Patch Tuesday woes was eye-opening. “It surprised every single of one of us,” Marcus says. “This is breakout research.”
Fake vulnerability disclosures could also be used to manipulate the market, according to Bettini: “It’s possible that events could be orchestrated via social engineering to manipulate the market and its participants. This scenario would clearly be illegal; but where there is profit, there are often people willing to break laws. Similarly… not all attacks would involve social engineering. Some may even be legal.”
— Kelly Jackson Higgins, Senior Editor, Dark Reading
McAfee Inc. (NYSE: MFE)
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024