Skip to main content

Port Watch · USA · New England

US Northeast cyber-pressure

Includes: Newport, RI · Mystic, CT · Greenwich, CT · Nantucket, MA

Cyber pressure: ELEVATED Score 3/7 · updated 42 min ago
271 exposed services across US Northeast; in-season (June–September).
Snapshot 42 min ago

Visible from public scans

Where the indicators land in US Northeast

Each dot is an internet-exposed device geo-IP'd to its ISP location, jittered for approximation. The map is not a claim about any specific operator, marina, or vessel — see methodology.

Exposure indicators across US Northeast, with positions approximate (ISP geo-IP, jittered)

Captain's read

US Northeast, this week

Leading exposure pattern

Small-business VPN / firewall (SonicWall)

US Northeast this week: SonicWall has multiple actively-exploited CVEs on CISA's list this month. SonicWall is the VPN/firewall that runs in yacht-agent offices, brokers, and smaller shipyards — public scans find 203 of them in the metro. Small-shop kit gets patched slowly, so an unknown share are vulnerable, sitting in front of the email and file shares that crew swap data with.

What to do this week

  • Captain: ask your yacht agent in port if they've patched in the last 60 days. If vague, use Signal/WhatsApp for sensitive comms — not their email.
  • Crew: any portal that looks SonicWall-branded — assume it could be compromised this week.
  • Owner: any small vendor (charter broker, accountant, lawyer) on shore should be patching too. Worth asking IT about.

Top exposure categories driving this score

The kit on the ground in US Northeast

Each card shows what the category means for a yacht and what to do about it. Severity dot turns red when there's an actively-exploited CVE on the vendor's name in the last 30 days.

Small-business VPN / firewall (SonicWall)

203 in the metro
What it means
Common in yacht-agent offices, brokers, and smaller yards. Multiple SonicWall vulnerabilities are being actively exploited; patches land slowly on small-shop kit.
What to do
Ask your yacht agent if they've patched in the last 60 days. If vague, use Signal/WhatsApp for sensitive comms — not their email.

Windows machines exposed to the internet

49 in the metro
What it means
Windows desktops or servers with their remote-login page open to the world. Hammered constantly by password-guessing botnets. Usually shoreside offices — charter, broker, agent, chandler — where your data lives.
What to do
If shoreside contacts use Windows remote-desktop, ask them to put it behind a VPN. Crew: never enter credentials on a borrowed Windows machine ashore.

Marina-grade VPN gateways (FortiGate)

17 in the metro
What it means
A common firewall/VPN running on networks yachts, agents, brokers, and shipyards use. Several FortiGate vulnerabilities are being actively exploited right now — unpatched units can be taken over remotely.
What to do
Before connecting any device to an agent or marina VPN, ask when their gateway was last patched. Crew: never reuse the agent VPN password anywhere personal.
Show technical detail (ETO view)
Shodan exposure score: 2/3 · Total hits: 271

Per-probe vendor counts (cities × yacht-relevant vendor families; /host/count endpoint):
· SonicWall SMA / NSA: 203
· Exposed RDP: 49
· Fortinet SSL VPN / FortiGate: 17
· Aruba controllers: 2

Supporting signals

Other inputs in this region's score

Every input on the page is shown with its raw count. Methodology →

Regional phishing infrastructure 0/3

0
URLhaus + OpenPhish entries from the last 14 days where the host or URL matched US Northeast-region terms (sub-port names, yacht-agent / broker / shipyard domain stems).
No matches this cycle — typical for the yacht niche; this is a sentinel signal that fires only when regional terms appear in mass phishing feeds.

Seasonal load 1/1

In
Charter-season multiplier. Window: June–September. More yachts in region = more shoreside crew activity = more historical phishing pressure.
Transparent weighting we own — not a third-party feed. Methodology →

Pre-flight

Captain checklist for US Northeast

Defaults that map to the threat surfaces above. Crew Wi-Fi is in scope: ops devices stay on Starlink/VSAT, but crew personal devices touch marina Wi-Fi heavily — especially when the owner is aboard and the yacht primary QoS deprioritizes crew off.

Before arrival

  • Yacht agent / broker / smaller yards using SonicWall — request patch confirmation in the last 60 days. If vague, use Signal for sensitive comms.
  • Brief crew: shoreside Windows desktops with remote-login open are botnet-hammered. If your contacts handle yacht data on them, ask them to put it behind a VPN.
  • Confirm yacht VPN reaches from cellular before docking.
  • Push the crew personal-device patch reminder — they'll be spending nights on marina Wi-Fi.

During stay

  • US Northeast is in peak season — more crew rotations, more shoreside contacts, more bait. Tighten crew-agency credentials this week.
  • Ops devices stay on yacht network (Starlink / VSAT) — never on marina Wi-Fi.
  • Crew: agency portals, charter-broker mail, chandler logins — never reuse the same password as personal email.
  • Run a Wi-Fi survey before any device joins marina services.

After departure

  • Audit any new devices joined to the LAN.
  • Compare Wi-Fi survey delta against your baseline.
  • Rotate captive-portal credentials any crew member used ashore.
  • Rotate crew-agency portal credentials — especially anyone who logged in over marina Wi-Fi without VPN.
Region-specific high-priority Active KEV / cross-reference Seasonal / contextual Baseline hygiene (always applies)

Train your crew on what Port Watch flags

YMS360 Cybersecurity Training

Online, self-paced, certified.

Start the free crew course Methodology All regions
Enroll your yacht

Ready to harden your crew's
cyber posture?

Contact us +1.754.600.8735