Most common are dictionary attacks against an SSH server. The attacker uses the fact that SSH servers usually offer their services on port 22 and that every Linux server has a root account. This can easily be mitigated by few simple steps.
Disable root login
Configure non-default port for SSH to listen on
Note: if selinux is running you may need to make some adjustments
Note: correct firewall port also must be open
Allow specific users only to log in on SSH
Note: this is good option to restrict only specific users to be able to login it will overwrite PermitRootLogin option and will still allow to su as root.