Background to PikaBot

PikaBot is a type of malware that has been gaining notoriety since its emergence in early 2023 [1][2][4]. It is a modular trojan, a successor to the infamous QakBot (QBot) trojan, which was widely used by ransomware gangs for its versatile ability to facilitate initial access and deliver secondary payloads [1]. With the shutdown of QBot, PikaBot has stepped in to fill the void, becoming a tool of choice for cybercriminals [1].

How PikaBot Attacks Systems

PikaBot operates by executing arbitrary commands, downloading additional payloads, and injecting malicious shellcode into legitimate processes running on a victim’s computer [1][2]. This makes it a potent backdoor that attackers can use to set up the next stages of their attacks [1].

PikaBot is distributed primarily through email spam campaigns [1]. These campaigns are meticulously crafted, utilising geolocalised spam emails that target specific countries [1]. The emails often contain links to external SMB (Server Message Block) shares, which host malicious zip files [1]. When a user clicks on one of these links, they are taken to the SMB share hosting the malicious zip files, resulting in a PikaBot infection [1].

What Organisations Can Do to Protect Themselves?

Organisations can take several steps to protect themselves from PikaBot:

  1. Endpoint Protection: Update endpoint protection solutions to recognise and block PikaBot as well as similar threats [1].
  2. Regular Updates: Patch all software programs, including security systems, to close existing loopholes that attackers can exploit [8].
  3. Email Caution: Be cautious when clicking on links or opening attachments in emails, especially if they’re from people you don’t know [1].
  4. Strong Passwords and Multi-Factor Authentication (MFA): Use strong passwords and enable MFA, which adds an extra layer of security to your accounts [7].
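
The email-caution step can be backed by an automated check at the mail gateway for the delivery pattern described earlier, links to external SMB shares hosting zip files. The following is an added example, not code from the original article; the internal suffix list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import unquote

# Assumption: DNS suffixes of the organisation's own file servers (hypothetical).
INTERNAL_SUFFIXES = (".corp.example",)

# file://host/... URLs and \\host\share UNC paths both open an SMB connection on Windows.
SMB_LINK = re.compile(r"(?:file:/{2,}|\\\\)([A-Za-z0-9.\-]+)[/\\]([^\s\"'<>]+)", re.I)

def body_text(msg):
    """Return the decoded text/plain and text/html parts of a parsed message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            raw = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def external_smb_zip_links(raw_email):
    """List (host, path) for links to .zip files on SMB hosts outside INTERNAL_SUFFIXES."""
    text = unquote(body_text(message_from_string(raw_email)))  # also undo %-escapes
    findings = []
    for host, path in SMB_LINK.findall(text):
        if host.lower().endswith(INTERNAL_SUFFIXES):
            continue  # link to a known internal file server
        if path.lower().endswith(".zip"):
            findings.append((host.lower(), path))
    return findings

# Constructed sample message (documentation addresses, not real indicators).
SAMPLE = r"""From: billing@sender.example
To: user@corp.example
Subject: Outstanding invoice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<a href=3D"file://203.0.113.10/docs/Invoice_4471.zip">View invoice</a>
<a href=3D"file://fs01.corp.example/hr/policy.zip">Staff handbook</a>
<a href=3D"https://www.example.org/a.zip">Web mirror</a>
<p>Or open \\198.51.100.7\share\Scan.zip in Explorer</p>
"""

if __name__ == "__main__":
    for host, path in external_smb_zip_links(SAMPLE):
        print(f"external SMB zip link: host={host} path={path}")
```

Messages that produce findings can be quarantined or have the link rewritten before delivery; the internal file server and the ordinary HTTPS link in the sample are deliberately not flagged.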

Other Relevant Information on PikaBot

PikaBot is not just a standalone threat but also a facilitator for other cyber threats. It has been observed being used to distribute other malicious tools such as Cobalt Strike [2]. Its modular nature, combined with its stealthy distribution methods, makes it a formidable threat to organisations. As PikaBot continues to evolve and gain prevalence, organisations must stay informed and take appropriate measures to protect their systems and data.

In conclusion, the rise of PikaBot represents a significant development in the cyber threat landscape.

Source(s)