The key to your question is in the first 'D'.
What makes a DDoS attack so effective is the distributed nature of that
attack. With an old style DoS attack, the victim would usually experience a
large number of requests or connections to a specific server or resource
originating from a single or small number of sources. To mitigate the attack,
you could simply block the traffic from the attacking systems. Often, this could
be done by the local firewall or similar.
Under the DDoS attack, the victim is flooded with requests from a large number
of different sources. The number is too high to block individually and the
volume of attackers will typically overload all local infrastructure such as
firewalls and network switches. In this scenario, you typically need to work
with your ISP to have traffic to the target system sent to a 'black hole', which
will reduce the volume and allow local infrastructure to recover, but typically
does mean that the DDoS on the specific system is successful (because traffic to
that system is being sent to the black hole). The key point is that because the
attack is distributed, it is very difficult to block the attacking systems.
So, with respect to your question regarding cloud based DDoS services - this to
some extent depends on your definition of cloud. One definition would be any
service that is not on your own infrastructure and is delivered from 'the
cloud'. In this sense, DDoS attacks are already cloud based. They don't use the
attacker's own infrastructure, but instead, use hosts the attacker has either
compromised or hosts the attacker has identified which have either poorly
configured services or lack sufficient controls to prevent them from being used
as part of a DDoS attack. For example, one of the reasons there is so much
concern surrounding IoT is that many of these IoT devices include services which
can be exploited as part of a DDoS attack and lack sufficient controls to
prevent this exploitation by unknown remote users.
If you define cloud to be just IaaS, PaaS and SaaS providers, the situation is
slightly different. You are unlikely to see these services being used to perform
the actual attack simply because the DDoS attack relies on high numbers of
attackers and being able to use that number of cloud providers is prohibitive -
remember that the cloud providers are not going to welcome this sort of use of
their infrastructure, so you will have to do it in a 'stealthy' manner, which is
becoming increasingly difficult as cloud providers lock down what is considered
appropriate use of their infrastructure (remember, they have a reputation to
maintain - if they become known as a host for 'bad actors', ISPs and others will
just block traffic from their IPs).
This doesn't mean attackers don't use cloud services. What you will often find
is that DDoS service providers will use cloud services as the command and
control centre for their DDoS agents/bots. They still need to do this in a
stealthy manner as most reputable cloud services will deactivate any users they
detect doing such things, but this is much harder to detect and they only need a
few cloud providers. The agents/bots they use to actually perform the attacks
are usually compromised desktops and servers, often in home systems which have
poorer security controls and increasingly IoT devices, many of which are also in
home or small office environments which lack enterprise security measures or
skilled system administrators etc.
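
The difference between the two cases described above (a flood from a few sources that a local firewall can block, versus one too widely distributed to block source by source) can be checked from request logs. The following is an added example, not part of the original answer; the function name, the thresholds and the sample addresses are constructed assumptions, and it handles IPv4 only.

```python
import ipaddress
from collections import Counter

def triage_flood(source_ips, max_rules=20, coverage=0.9, prefix_len=24):
    """Decide whether source-based blocking can absorb a flood.

    Returns (verdict, rules). The verdict is 'block-locally' when at most
    max_rules source prefixes account for `coverage` of all requests,
    otherwise 'escalate-upstream'. Thresholds are illustrative assumptions.
    """
    # Aggregate per prefix so a handful of hosts in one network count once.
    prefixes = Counter(
        ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        for ip in source_ips
    )
    total = sum(prefixes.values())
    if total == 0:
        return "no-traffic", []
    rules, covered = [], 0
    for net, hits in prefixes.most_common(max_rules):
        rules.append(str(net))
        covered += hits
        if covered >= coverage * total:
            return "block-locally", rules
    # Too many distinct sources: a local rule set cannot keep up.
    return "escalate-upstream", []

# Constructed sample data (documentation and private address ranges).
BACKGROUND = [f"192.0.2.{i}" for i in range(1, 51)]            # 50 normal clients
DOS_SAMPLE = (["198.51.100.7"] * 1500 + ["198.51.100.9"] * 1500
              + ["203.0.113.40"] * 1000 + BACKGROUND)          # 3 noisy hosts
_BASE = ipaddress.ip_address("10.0.0.1")
DDOS_SAMPLE = [str(_BASE + i * 256) for i in range(5000)] * 2 + BACKGROUND

if __name__ == "__main__":
    print(triage_flood(DOS_SAMPLE))
    print(triage_flood(DDOS_SAMPLE))
```

In the distributed sample the busiest prefix is the one holding the normal clients, which is why ranking sources by volume gives no usable block list there.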