Report: Profiting From Patch TuesdayReport: Profiting From Patch Tuesday
New McAfee research shows by the numbers how attackers could manipulate the stock market
October 14, 2008
It’s Microsoft’s Patch Tuesday, and according to new research, someone out there is actually profiting from it in the stock market.
Making money in the stock market sounds like an oxymoron today given the global financial crisis, but new research published in the fall issue of the McAfee Security Journal demonstrates how Microsoft’s stock dips on Patch Tuesday, but then rebounds the following day. It's likely some people capitalize on this in their stock transactions, the article says.
“At the very least, it appears that there is a correlation between Microsoft stock price fluctuations and the Patch Tuesday release cycle,” writes Anthony Bettini, a member of the McAfee Avert Labs senior management team.
Another “financial engineering” scam could allow attackers to use zero-day threats as a way to make money in the equities and derivatives markets, he says. “It is possible people are already using zero-day threats for financial gain, not simply for embedding them within password-stealing Trojans but for taking short or options positions in equities and derivatives,” he writes.
Dave Marcus, director of security research and communications for McAfee Avert Labs, says Bettini’s research on hackers making money off of Patch Tuesday woes was eye-opening. “It surprised every single of one of us,” Marcus says. “This is breakout research.”
Fake vulnerability disclosures could also be used to manipulate the market, according to Bettini: “It’s possible that events could be orchestrated via social engineering to manipulate the market and its participants. This scenario would clearly be illegal; but where there is profit, there are often people willing to break laws. Similarly… not all attacks would involve social engineering. Some may even be legal.”
— Kelly Jackson Higgins, Senior Editor, Dark Reading
About the Author(s)
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
AI in Cybersecurity: Using artificial intelligence to mitigate emerging security risks
Building Immunity: The 2021 Healthcare and Pharmaceutical Industry Cyber Threat Landscape Report
2021 Gartner Market Guide for Managed Detection and Response Report