Bad Actor Targets Stonnington City Council In Cyberattack


By Staff Writer

A cyberattack by an undisclosed “international agent” has forced Melbourne’s Stonnington City Council to shut down many of its online systems.

The attack occurred on Friday, August 27. Online services, including payment systems and the ePlanning portal, remain offline. The shutdown has also required some council staff to take annual leave.

Stonnington City Council serves around 104,000 ratepayers in Melbourne’s well-heeled inner east and bayside suburbs.

“We’re deeply concerned about it. An international agent has come and infiltrated our systems, and we’re working with the State and Federal Governments. We’ve closed our systems down,” Council CEO Jacqui Weatherill told Channel 7 News.

Stonnington’s website says online services remain temporarily unavailable. ”We are experiencing an IT issue, first detected over the weekend during maintenance work,” the Council’s website reads. “We are working tirelessly to rectify the situation.”

Local media outlet The Stonnington Leader is reporting the cyberattack occurred while the council was updating Microsoft software on Friday. With systems shut down, hundreds of council staff were unable to log in and work.

Stonnington City Council’s cyber insurer, the Victorian State Government, and the Australian Cyber Security Centre (ACSC) are now investigating. It is expected to take weeks to determine the extent of the security breach and how much, if any, data was taken.

“The rise of cyber-attacks on Australian organisations, particularly those in the public sector, highlights just how important it is for organisations to have tight control over their data,” says Adam Gordon, Country Manager ANZ at cybersecurity company Varonis. “All it takes is one employee account to be compromised, which gives attackers access to hordes of sensitive information.”

Varonis says many of the cyberattacks it deals with contain “intelligent” malware. The malware is aware of anti-virus and endpoint detection tools in place and can side-step even some of the most advanced defence tools in the market.

Cyber-attacks developed by foreign nation-states, in particular, are growing in sophistication, meaning it is becoming more difficult for organisations to even detect breaches when they do happen,” Mr Gordon adds.

Local councils are attractive targets for cyberattacks by holding data on business and development proposals, ratepayer information, local household and business profiles, and payment details. However, Stonnington City Council is assuring ratepayers their data is safe following Friday’s attack.

Victoria’s Inspector General of Emergency Management found malicious actors regularly target all levels of government to access these data troves.

Adam Gordon says there is a solution for councils like Stonnington. He argues councils and other organisations should restrict access to their most sensitive files, ensuring only those who really need them have access.

“This process ensures that if a data breach ever does occur, the risk of attackers stealing these sensitive files and moving laterally throughout the network is significantly reduced. With little or no access to sensitive files, ransomware is significantly less effective,” he says.

Stonnington City Council advises there is no disruption to essential services. The council states further details on the cyberattack will be provided as the investigation unfolds.