If you have opened SIP to the world, it is guaranteed that people will try to hack it.
This is war dialling, not phishing. Phishing only works with people, not machines.
Use your firewall to limit source addresses to networks you trust. Disable allowguest. Use strong passwords for everything. Use type=peer, rather than type=friend. If possible, use apparently random device names, not the associated primary extension number. Consider using fail2ban (an attack rate limiter which sets firewall rules to match the source of failed attacks). Read the security best practices document.
I’m going by THE book, so all of my extensions are named by MAC address. Long, random passwords. I’m not concerned with them actually succeeding, it’s just that they put load on a server.
Seems like fail2ban is the way to go. And maybe ban certain geographies' IP ranges.