Gday
It doesnt matter if its open source or closed source
If you dont maintain proper produces like
Different passwords
Updates
Offsite backup
Then your asking for trouble
My guess is these types of attacks
exploit popular software
like SQL , Apache , default ports