On Mon, Dec 14, 2020 at 09:58:01AM -0500, Tom Beecher wrote:
Questionable cloud / VPS / hosting companies are great for spammers and botnet C&C, but not so great for DDoS "ion cannons". You still need a large volume of geographically diverse endpoints for those to be effective.
To piggyback on this: when launching a DDoS, diversity along multiple axes is helpful: geography, topology, connectivity, operating system, etc. Each additional form of diversity slightly raises the bar for defenders. Also, every compromised device may be a source of useful/saleable data, or the gateway to more of the same or to more valuable targets or to the compromise of people. The IoT is particularly fertile ground for this because to a very good first approximation, "IoT security" is an oxymoron. --rsk