I am now actively rejecting SSH traffic for IP ranges of regions from which such traffic may be especially suspicious (China, Russia, India, etc.).
Trying to avoid the "Block the world" approach, and I'm not too worried about a network breach anyway.