A review of all inbound connection over the past 3 weeks against my honeypot shows the top 2 targeted services were no surprise; a large amount of SSH (22, 2222) activity followed by Telnet (23) which Shodan still identifies over 2.7M hosts exposed to the Internet.
Article Link: https://isc.sans.edu/diary/rss/28242