Questionable cloud / VPS / hosting companies are great for spammers and botnet C&C, but not so great for DDoS "ion cannons". You still need a large volume of geographically diverse endpoints for those to be effective.

On Mon, Dec 14, 2020 at 9:52 AM Peter E. Fry <pfry@tailbone.net> wrote:

Simple question: What's the purpose of obtaining illicit access to
random devices on the Internet these days, considering that a large
majority of attacks are now launched from cheap, readily available and
poorly managed/overseen "cloud" services?  Finding anything worthwhile
to steal on random machines on the Internet seems unlikely, as does
obtaining access superior (in e.g. location, bandwidth, anonymity,
etc.) to the service from which the attack was launched.


I was thinking about this the other day as I was poking at my
firewall, and hopped onto the archives (here and elsewhere) to see if
I could find any discussion.  I found a few mentions (e.g. "Microsoft
is hacking my Asterisk???"), but I didn't catch any mention of
purpose.  Am I missing something obvious (either a purpose or a
discussion of such)?  Have I lost my mind entirely?  (Can't hurt to
check, as I'd likely be the last to know.)


Peter E. Fry