Interesting write up and analysis, including some steps to mitigate risk on OpenSSH (and perhaps Dropbear as well)
https://www.akamai.com/uk/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf
