This DDoS is just early days stuff - the number of internet-connected smart devices is tiny compared to what it'll be in a few years. A tiny fraction of those devices will be difficult to hack and the vast majority will be hooked up to the Internet in an uncontrolled manner.
Couple that with the frankly amateurish way most online services are operated and constructed and you have a terrifying prospect.
It's going to be a field day for the DDoSers (it already is, really). The only way I see out of it is for ISPs to filter DDoS traffic emanating from their networks via some kind of L7 RBL because dealing with it properly at the destination is already proving near impossible, even with BGP trickery, custom hardware and massive pipes. Good luck coordinating that. Most probably don't have and don't want to have kit capable of doing it and are (probably correctly) hostile to regulation.