Skip to main content

Port Watch · Lesser Antilles

Eastern Caribbean cyber-pressure

Includes: St. Maarten · St. Barths · Antigua · BVI · St. Lucia · Grenada

Cyber pressure: CALM Score 1/7 · updated 40 min ago
117 exposed services across Eastern Caribbean.
Snapshot 40 min ago

Visible from public scans

Where the indicators land in Eastern Caribbean

Each dot is an internet-exposed device geo-IP'd to its ISP location, jittered for approximation. The map is not a claim about any specific operator, marina, or vessel — see methodology.

Exposure indicators across Eastern Caribbean, with positions approximate (ISP geo-IP, jittered)

Captain's read

Eastern Caribbean, this week

Leading exposure pattern

Small-business VPN / firewall (SonicWall)

Eastern Caribbean this week: SonicWall has multiple actively-exploited CVEs on CISA's list this month. SonicWall is the VPN/firewall that runs in yacht-agent offices, brokers, and smaller shipyards — public scans find 51 of them in the metro. Small-shop kit gets patched slowly, so an unknown share are vulnerable, sitting in front of the email and file shares that crew swap data with.

What to do this week

  • Captain: ask your yacht agent in port if they've patched in the last 60 days. If vague, use Signal/WhatsApp for sensitive comms — not their email.
  • Crew: any portal that looks SonicWall-branded — assume it could be compromised this week.
  • Owner: any small vendor (charter broker, accountant, lawyer) on shore should be patching too. Worth asking IT about.

Top exposure categories driving this score

The kit on the ground in Eastern Caribbean

Each card shows what the category means for a yacht and what to do about it. Severity dot turns red when there's an actively-exploited CVE on the vendor's name in the last 30 days.

Small-business VPN / firewall (SonicWall)

51 in the metro
What it means
Common in yacht-agent offices, brokers, and smaller yards. Multiple SonicWall vulnerabilities are being actively exploited; patches land slowly on small-shop kit.
What to do
Ask your yacht agent if they've patched in the last 60 days. If vague, use Signal/WhatsApp for sensitive comms — not their email.

Windows machines exposed to the internet

45 in the metro
What it means
Windows desktops or servers with their remote-login page open to the world. Hammered constantly by password-guessing botnets. Usually shoreside offices — charter, broker, agent, chandler — where your data lives.
What to do
If shoreside contacts use Windows remote-desktop, ask them to put it behind a VPN. Crew: never enter credentials on a borrowed Windows machine ashore.

Marina-grade VPN gateways (FortiGate)

17 in the metro
What it means
A common firewall/VPN running on networks yachts, agents, brokers, and shipyards use. Several FortiGate vulnerabilities are being actively exploited right now — unpatched units can be taken over remotely.
What to do
Before connecting any device to an agent or marina VPN, ask when their gateway was last patched. Crew: never reuse the agent VPN password anywhere personal.
Show technical detail (ETO view)
Shodan exposure score: 1/3 · Total hits: 117

Per-probe vendor counts (cities × yacht-relevant vendor families; /host/count endpoint):
· SonicWall SMA / NSA: 51
· Exposed RDP: 45
· Fortinet SSL VPN / FortiGate: 17
· Exposed Outlook Web Access: 4

Supporting signals

Other inputs in this region's score

Every input on the page is shown with its raw count. Methodology →

Regional phishing infrastructure 0/3

0
URLhaus + OpenPhish entries from the last 14 days where the host or URL matched Eastern Caribbean-region terms (sub-port names, yacht-agent / broker / shipyard domain stems).
No matches this cycle — typical for the yacht niche; this is a sentinel signal that fires only when regional terms appear in mass phishing feeds.

Seasonal load 0/1

Off
Charter-season multiplier. Window: November–April. More yachts in region = more shoreside crew activity = more historical phishing pressure.
Transparent weighting we own — not a third-party feed. Methodology →

Pre-flight

Captain checklist for Eastern Caribbean

Defaults that map to the threat surfaces above. Crew Wi-Fi is in scope: ops devices stay on Starlink/VSAT, but crew personal devices touch marina Wi-Fi heavily — especially when the owner is aboard and the yacht primary QoS deprioritizes crew off.

Before arrival

  • Yacht agent / broker / smaller yards using SonicWall — request patch confirmation in the last 60 days. If vague, use Signal for sensitive comms.
  • Brief crew: shoreside Windows desktops with remote-login open are botnet-hammered. If your contacts handle yacht data on them, ask them to put it behind a VPN.
  • Confirm yacht VPN reaches from cellular before docking.
  • Push the crew personal-device patch reminder — they'll be spending nights on marina Wi-Fi.

During stay

  • Ops devices stay on yacht network (Starlink / VSAT) — never on marina Wi-Fi.
  • Crew: agency portals, charter-broker mail, chandler logins — never reuse the same password as personal email.
  • Run a Wi-Fi survey before any device joins marina services.

After departure

  • Audit any new devices joined to the LAN.
  • Compare Wi-Fi survey delta against your baseline.
  • Rotate captive-portal credentials any crew member used ashore.
  • Rotate crew-agency portal credentials — especially anyone who logged in over marina Wi-Fi without VPN.
Region-specific high-priority Active KEV / cross-reference Seasonal / contextual Baseline hygiene (always applies)

Train your crew on what Port Watch flags

YMS360 Cybersecurity Training

Online, self-paced, certified.

Start the free crew course Methodology All regions
Enroll your yacht

Ready to harden your crew's
cyber posture?

Contact us +1.754.600.8735