Skip to main content

Port Watch · USA · Florida

South Florida cyber-pressure

Includes: Fort Lauderdale · Miami · Palm Beach · Stuart · North Palm Beach

Cyber pressure: ELEVATED Score 3/7 · updated 41 min ago
9430 exposed services across South Florida.
Snapshot 41 min ago

Visible from public scans

Where the indicators land in South Florida

Each dot is an internet-exposed device geo-IP'd to its ISP location, jittered for approximation. The map is not a claim about any specific operator, marina, or vessel — see methodology.

Exposure indicators across South Florida, with positions approximate (ISP geo-IP, jittered)

Captain's read

South Florida, this week

Leading exposure pattern

Windows machines exposed to the internet

South Florida this week: password-guessing botnets are constantly hammering every Windows remote-login page they can find on the public internet. Public scans find 8,004 of those exposed login pages in the metro, most belonging to shoreside offices crew interact with daily — charter agents, brokers, payroll, chandlers. Crew credentials entered on a compromised desktop ashore end up in the attackers' bucket too.

What to do this week

  • Crew: never enter credentials on a borrowed Windows machine ashore. Use your own phone, on cellular or the yacht VPN.
  • Captain / ETO: ask any shoreside contact who uses remote-desktop to put it behind a VPN before they send anything sensitive about your yacht.
  • Anyone with a personal Outlook account: turn on MFA today. OWA credential phishing is the usual companion to this pattern.

Top exposure categories driving this score

The kit on the ground in South Florida

Each card shows what the category means for a yacht and what to do about it. Severity dot turns red when there's an actively-exploited CVE on the vendor's name in the last 30 days.

Windows machines exposed to the internet

8,004 in the metro
What it means
Windows desktops or servers with their remote-login page open to the world. Hammered constantly by password-guessing botnets. Usually shoreside offices — charter, broker, agent, chandler — where your data lives.
What to do
If shoreside contacts use Windows remote-desktop, ask them to put it behind a VPN. Crew: never enter credentials on a borrowed Windows machine ashore.

Small-business VPN / firewall (SonicWall)

1,208 in the metro
What it means
Common in yacht-agent offices, brokers, and smaller yards. Multiple SonicWall vulnerabilities are being actively exploited; patches land slowly on small-shop kit.
What to do
Ask your yacht agent if they've patched in the last 60 days. If vague, use Signal/WhatsApp for sensitive comms — not their email.

Marina-grade VPN gateways (FortiGate)

171 in the metro
What it means
A common firewall/VPN running on networks yachts, agents, brokers, and shipyards use. Several FortiGate vulnerabilities are being actively exploited right now — unpatched units can be taken over remotely.
What to do
Before connecting any device to an agent or marina VPN, ask when their gateway was last patched. Crew: never reuse the agent VPN password anywhere personal.
Show technical detail (ETO view)
Shodan exposure score: 3/3 · Total hits: 9430

Per-probe vendor counts (cities × yacht-relevant vendor families; /host/count endpoint):
· Exposed RDP: 8,004
· SonicWall SMA / NSA: 1,208
· Fortinet SSL VPN / FortiGate: 171
· Exposed Outlook Web Access: 42
· Aruba controllers: 5

Supporting signals

Other inputs in this region's score

Every input on the page is shown with its raw count. Methodology →

Regional phishing infrastructure 0/3

0
URLhaus + OpenPhish entries from the last 14 days where the host or URL matched South Florida-region terms (sub-port names, yacht-agent / broker / shipyard domain stems).
No matches this cycle — typical for the yacht niche; this is a sentinel signal that fires only when regional terms appear in mass phishing feeds.

Seasonal load 0/1

Off
Charter-season multiplier. Window: November–April. More yachts in region = more shoreside crew activity = more historical phishing pressure.
Transparent weighting we own — not a third-party feed. Methodology →

Pre-flight

Captain checklist for South Florida

Defaults that map to the threat surfaces above. Crew Wi-Fi is in scope: ops devices stay on Starlink/VSAT, but crew personal devices touch marina Wi-Fi heavily — especially when the owner is aboard and the yacht primary QoS deprioritizes crew off.

Before arrival

  • Brief crew: shoreside Windows desktops with remote-login open are botnet-hammered. If your contacts handle yacht data on them, ask them to put it behind a VPN.
  • Yacht agent / broker / smaller yards using SonicWall — request patch confirmation in the last 60 days. If vague, use Signal for sensitive comms.
  • Confirm yacht VPN reaches from cellular before docking.
  • Push the crew personal-device patch reminder — they'll be spending nights on marina Wi-Fi.

During stay

  • Ops devices stay on yacht network (Starlink / VSAT) — never on marina Wi-Fi.
  • Crew: agency portals, charter-broker mail, chandler logins — never reuse the same password as personal email.
  • Run a Wi-Fi survey before any device joins marina services.

After departure

  • Audit any new devices joined to the LAN.
  • Compare Wi-Fi survey delta against your baseline.
  • Rotate captive-portal credentials any crew member used ashore.
  • Rotate crew-agency portal credentials — especially anyone who logged in over marina Wi-Fi without VPN.
Region-specific high-priority Active KEV / cross-reference Seasonal / contextual Baseline hygiene (always applies)

Train your crew on what Port Watch flags

YMS360 Cybersecurity Training

Online, self-paced, certified.

Start the free crew course Methodology All regions
Enroll your yacht

Ready to harden your crew's
cyber posture?

Contact us +1.754.600.8735