Re: Clean up your own users first...
You ever thought that these attacks of which you speak are actually SANCTIONED by their respective governments, given they're attacking the West? A kind of Plausibly Deniable Cyberwar?
If so their target aquisition systems need some work. That's "state SANCTIONED"? Against a Toshiba M200, running on a slow-as ASDL? Defeated at the first hurdle by Fail2ban, over and over? An attack detected by me while I was just idly sitting there watching nethogs and htop while running a check for updates? (and then only to be sure my connection was still live, given how flaky what I have here is).
If they can't get past that level, then turning their mouse upside down is probably enough to stop them ever getting online again!