Do you have it closed off to the Internet
Yes, hence the reason for suspecting a side attack.
Have you considered migrating to qemu/kvm?
Yes, but no thanks. HiveSQL is an infrastructure, not just one host. In that case, it is not only the hypervisor software that matters but also all the related components, including the sysops skills and knowledge. This extends to the disaster recovery plan as a whole.