I had people trying to hack my asterisk as well. So far, they did not succeed.
Question: Did you manually configure any SIP accounts that have dial-out abilities? All the auto installed user in the system have a password that is not easily hacked without a LOT of tries. What I have found out so far is, they mainly try the default things, ie. 2-4 digit phone numbers where password equals phone number.