Report: Profiting From Patch Tuesday
New McAfee research shows by the numbers how attackers could manipulate the stock market
It’s Microsoft’s Patch Tuesday, and according to new research, someone out there is actually profiting from it in the stock market.
Making money in the stock market sounds like an oxymoron today given the global financial crisis, but new research published in the fall issue of the McAfee Security Journal demonstrates how Microsoft’s stock dips on Patch Tuesday, but then rebounds the following day. It's likely some people capitalize on this in their stock transactions, the article says.
“At the very least, it appears that there is a correlation between Microsoft stock price fluctuations and the Patch Tuesday release cycle,” writes Anthony Bettini, a member of the McAfee Avert Labs senior management team.
Another “financial engineering” scam could allow attackers to use zero-day threats as a way to make money in the equities and derivatives markets, he says. “It is possible people are already using zero-day threats for financial gain, not simply for embedding them within password-stealing Trojans but for taking short or options positions in equities and derivatives,” he writes.
Dave Marcus, director of security research and communications for McAfee Avert Labs, says Bettini’s research on hackers making money off of Patch Tuesday woes was eye-opening. “It surprised every single of one of us,” Marcus says. “This is breakout research.”
Fake vulnerability disclosures could also be used to manipulate the market, according to Bettini: “It’s possible that events could be orchestrated via social engineering to manipulate the market and its participants. This scenario would clearly be illegal; but where there is profit, there are often people willing to break laws. Similarly… not all attacks would involve social engineering. Some may even be legal.”
— Kelly Jackson Higgins, Senior Editor, Dark Reading
McAfee Inc. (NYSE: MFE)
About the Author
You May Also Like
Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024