Linux and malware: Should you worry?
Malicious code is nothing to worry about on Linux, right? Hold your penguins
February 20, 2020
https://www.welivesecurity.com/2020/02/20/linux-malware-should-you-worry/

Up close and personal with Linux malware
What are the main security threats facing Linux? A Q&A with ESET Senior Malware Researcher Marc‑Etienne M. Léveillé
February 21, 2020
https://www.welivesecurity.com/2020/02/21/up-close-and-personal-with-linux-malware/
Some remarks:
1. Those articles focus on Linux servers - and rightly so. The situation for Linux desktop systems is certainly very different.
2. The recommendation to always keep those systems up-to-date is crucial, indeed. There have been many reports about security breaches in the past where security patches had been available (which would have prevented those incidents) but the systems were not updated. This is a careless attitude often resulting from mantras like "never touch a running system" and/or "availability 99.99999%".
3. This problem is increased by the well-known fact that many cheap rental servers run Linux (because it's free). They are often run by hobby admins who don't really know what they are doing, resulting in poorly configured and managed systems.
4. Sometimes the admin runs Windows on a laptop but GNU/Linux on the server. The admin's laptop gets infected with malware with trojan capabilities. A bad guy steals the password or key to the GNU/Linux server's root account and installs malware there.
About OpenSSH...
1. Always switch the default port that the SSH daemon is listening on to something else.
2. Even better, use port knocking if you can.
3. Don't even think of logging in with a plain password! Be smart, use public key authentication.
4. Don't even think of logging in with the root account!!!! You can always "su", "sudo" (or whatever floats your boat) inside your server after SSH login if you need to do stuff that needs root privileges.
5. Use the best ciphers available.
6. If you only need to access your server from some static IP address, block the rest of the world. If you need to access your server on the road from a dynamic IP while traveling (a la laptop), then at least consider blocking the countries that you will likely never, ever visit and so don't need to allow access from those countries. Country blocking takes 3 lines of iptables rules if you use xtables-addons, 4 if you also want some logging, and those 3 or 4 lines are for a whole country ...
7. If you have nothing better to do, check your logs (at least once per month!), take a beer and browse through script kiddies' hacking attempts...
8. And last: update update update!!!
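
Added example, not part of the original posts: a small auditor that checks the global section of an sshd_config against items 1, 3, 4 and 5 of the OpenSSH list above. The sample configs, port 2222 and the definition of a "weak" cipher (CBC mode or RC4) are assumptions made for the example; defaults are those of OpenSSH 7.0 and later.

```python
# Keyword defaults used when a directive is absent (assumed: OpenSSH 7.0+).
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}
WEAK_MARKERS = ("-cbc", "arcfour")  # assumption: CBC-mode and RC4 ciphers count as weak

def parse_global(text):
    """Return (ports, settings) for directives before the first Match block."""
    ports, settings = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        key = fields[0].lower()  # sshd_config keywords are case-insensitive
        value = fields[1].strip() if len(fields) > 1 else ""
        if key == "match":
            break  # conditional overrides are not evaluated by this example
        if key == "port":
            ports.append(value)  # Port may repeat; every value is a listener
        else:
            settings.setdefault(key, value)  # sshd uses the first value it reads
    return ports, settings

def audit(text):
    """Return a list of findings, numbered after the list items they violate."""
    ports, s = parse_global(text)
    effective = {k: s.get(k, d).lower() for k, d in DEFAULTS.items()}
    findings = []
    if not ports or "22" in ports:
        findings.append("item 1: listening on default port 22")
    if effective["passwordauthentication"] != "no":
        findings.append("item 3: password login enabled")
    if effective["permitrootlogin"] != "no":
        findings.append("item 4: root login over SSH possible")
    spec = s.get("ciphers", "")
    if not spec.startswith("-"):  # a leading '-' removes ciphers from the defaults
        weak = [c for c in spec.lstrip("+^").split(",")
                if any(m in c for m in WEAK_MARKERS)]
        if weak:
            findings.append("item 5: weak ciphers enabled: " + ", ".join(weak))
    return findings

# Constructed sample configs (not taken from any real host).
WEAK_CONFIG = """# constructed sample
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
Ciphers aes256-ctr,3des-cbc
Match User backup
    PermitRootLogin no
"""
HARDENED_CONFIG = """Port 2222
PermitRootLogin no
PasswordAuthentication no
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg))
```

The second `PasswordAuthentication no` in the weak sample does not help, because sshd keeps the first value it reads for a keyword; `sshd -T` prints the effective configuration of a real host, including Match handling that this example skips.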