It's quite alarming to know one can halt whole Hive 2nd layer this easy.
I think, I might have a temporary solution. You said the attacker leased RCs, so you should fund leasing RC for an account creation service. This would make RC more expensive thus making the next attacks more costly. It might be cheaper than hardware upgrade or using anti-DDoS external service.