Skip to main content

Port Watch · Spain · Balearic Islands

Balearics cyber-pressure

Includes: Palma de Mallorca · Ibiza · Menorca

Cyber pressure: ELEVATED Score 2/7 · updated 44 min ago
98 exposed services across Balearics; in-season (May–September).
Snapshot 44 min ago

Visible from public scans

Where the indicators land in Balearics

Each dot is an internet-exposed device geo-IP'd to its ISP location, jittered for approximation. The map is not a claim about any specific operator, marina, or vessel — see methodology.

Exposure indicators across Balearics, with positions approximate (ISP geo-IP, jittered)

Captain's read

Balearics, this week

Leading exposure pattern

Windows machines exposed to the internet

Balearics this week: password-guessing botnets are constantly hammering every Windows remote-login page they can find on the public internet. Public scans find 65 of those exposed login pages in the metro, most belonging to shoreside offices crew interact with daily — charter agents, brokers, payroll, chandlers. Crew credentials entered on a compromised desktop ashore end up in the attackers' bucket too.

What to do this week

  • Crew: never enter credentials on a borrowed Windows machine ashore. Use your own phone, on cellular or the yacht VPN.
  • Captain / ETO: ask any shoreside contact who uses remote-desktop to put it behind a VPN before they send anything sensitive about your yacht.
  • Anyone with a personal Outlook account: turn on MFA today. OWA credential phishing is the usual companion to this pattern.

Top exposure categories driving this score

The kit on the ground in Balearics

Each card shows what the category means for a yacht and what to do about it. Severity dot turns red when there's an actively-exploited CVE on the vendor's name in the last 30 days.

Windows machines exposed to the internet

65 in the metro
What it means
Windows desktops or servers with their remote-login page open to the world. Hammered constantly by password-guessing botnets. Usually shoreside offices — charter, broker, agent, chandler — where your data lives.
What to do
If shoreside contacts use Windows remote-desktop, ask them to put it behind a VPN. Crew: never enter credentials on a borrowed Windows machine ashore.

Small-business VPN / firewall (SonicWall)

25 in the metro
What it means
Common in yacht-agent offices, brokers, and smaller yards. Multiple SonicWall vulnerabilities are being actively exploited; patches land slowly on small-shop kit.
What to do
Ask your yacht agent if they've patched in the last 60 days. If vague, use Signal/WhatsApp for sensitive comms — not their email.

Marina-grade VPN gateways (FortiGate)

7 in the metro
What it means
A common firewall/VPN running on networks yachts, agents, brokers, and shipyards use. Several FortiGate vulnerabilities are being actively exploited right now — unpatched units can be taken over remotely.
What to do
Before connecting any device to an agent or marina VPN, ask when their gateway was last patched. Crew: never reuse the agent VPN password anywhere personal.
Show technical detail (ETO view)
Shodan exposure score: 1/3 · Total hits: 98

Per-probe vendor counts (cities × yacht-relevant vendor families; /host/count endpoint):
· Exposed RDP: 65
· SonicWall SMA / NSA: 25
· Fortinet SSL VPN / FortiGate: 7
· Exposed Outlook Web Access: 1

Supporting signals

Other inputs in this region's score

Every input on the page is shown with its raw count. Methodology →

Regional phishing infrastructure 0/3

0
URLhaus + OpenPhish entries from the last 14 days where the host or URL matched Balearics-region terms (sub-port names, yacht-agent / broker / shipyard domain stems).
No matches this cycle — typical for the yacht niche; this is a sentinel signal that fires only when regional terms appear in mass phishing feeds.

Seasonal load 1/1

In
Charter-season multiplier. Window: May–September. More yachts in region = more shoreside crew activity = more historical phishing pressure.
Transparent weighting we own — not a third-party feed. Methodology →

Pre-flight

Captain checklist for Balearics

Defaults that map to the threat surfaces above. Crew Wi-Fi is in scope: ops devices stay on Starlink/VSAT, but crew personal devices touch marina Wi-Fi heavily — especially when the owner is aboard and the yacht primary QoS deprioritizes crew off.

Before arrival

  • Brief crew: shoreside Windows desktops with remote-login open are botnet-hammered. If your contacts handle yacht data on them, ask them to put it behind a VPN.
  • Yacht agent / broker / smaller yards using SonicWall — request patch confirmation in the last 60 days. If vague, use Signal for sensitive comms.
  • Confirm yacht VPN reaches from cellular before docking.
  • Push the crew personal-device patch reminder — they'll be spending nights on marina Wi-Fi.

During stay

  • Balearics is in peak season — more crew rotations, more shoreside contacts, more bait. Tighten crew-agency credentials this week.
  • Ops devices stay on yacht network (Starlink / VSAT) — never on marina Wi-Fi.
  • Crew: agency portals, charter-broker mail, chandler logins — never reuse the same password as personal email.
  • Run a Wi-Fi survey before any device joins marina services.

After departure

  • Audit any new devices joined to the LAN.
  • Compare Wi-Fi survey delta against your baseline.
  • Rotate captive-portal credentials any crew member used ashore.
  • Rotate crew-agency portal credentials — especially anyone who logged in over marina Wi-Fi without VPN.
Region-specific high-priority Active KEV / cross-reference Seasonal / contextual Baseline hygiene (always applies)

Train your crew on what Port Watch flags

YMS360 Cybersecurity Training

Online, self-paced, certified.

Start the free crew course Methodology All regions
Enroll your yacht

Ready to harden your crew's
cyber posture?

Contact us +1.754.600.8735