> Who would have an incentive to spend resources

That's not how threat analysis works. That's a conspiracy theory. You need to consider the difficulty of achieving it.

Otherwise I could start speculating which large NAS provider is trying to DDoS me, when in fact it's a script kiddie.

As for who would have the most incentives? Unscrupulous AI scrapers. Every unprotected site experiences a flood of AI scrapers/bots.

Actually I think that's roughly how threat analysis works though.

	▲	Ygg2 31 minutes ago \| parent [-]
		For threat analysis, you need to know how hard you are to break in, what the incentives are, and who your potential adversaries are. For each potential adversary, you list the risk strategy; that's threat analysis 101. E.g. you have a locked door, some valuables, and your opponent is the state-level. Risk strategy: ignore, no door you can afford will be able to stop a state-level actor.