It sounds like AWS dodged such an accusation by making their services extremely and unfairly expensive. Otherwise I'd bet it would become: "whenever we have an attack at work, 99 out of 100 times its coming from AWS".

Abusers are smart enough to design their architecture to avoid vendor lock-in, so they head to whoever provides cheapest traffic.