[codegeek]

I could be wrong/naive but aren't most DDOS attackers using a bunch of cheap VMs on the cloud to create a distributed network to attack ? Can these providers not do a better job of identifying the culprits and shutting them down ? I doubt it is easy to create Distributed-DOS if access to cheap VMs are restricted.

[miketery]

Most sophisticated ones uses bots on residential devices. Ie malware infected, or visiting a site with abusive code.

[nicolaslem]

They don't use cloud providers, they use botnets of compromised computers/IoT devices.

[KoftaBob]

What's the most common malware those computers are infected with, and most common way they got infected to begin with?

[miketery]

IoT devices get infected because they usually use common software stacks that go un patched. There's crawlers always doing their thing and looking to pop these.

[JackGreyhat]

My educated guess: The most common way to get infected is via email.