Majority of attacks have originated from cryptomining and DDoS botnets, such as Mirai, Muhstik, and Kinsing, which are typically the first to exploit any critical enterprise bug before everyone else.