Big or small most providers don't do enough to curb this behavior as well as other bad behavior and way too many companies let way to much go. Some of the worst providers for allowing this:
Namecheap for DNS and hosting. They do very little when you can show proof that they services are used maliciously, they don't do anything.
CariNet, Inc. is another. Contact them and good luck getting them to call back even when they say they will.
ServerMania is another. In the past several days, a good portion of the links in SPAM messages had the links resolve to servers operated by ServerMania.
Digital Ocean ranks up there as well.
All of the above, I have contacted either because of SPAM, port scanning, etc. and some do take the complaints seriously but it just seems that there are many scans coming from them on a daily basis. It is like whack-a-mole and some of the above pretty much do nothing. While I agree that the providers should not be held liable in many cases, when you have providers that just seem to attract bad behaving customers, there is probably a reason as to why.
I would think it would be pretty easy for the likes of Amazon, Microsoft, Google, etc. to make their services harder to use for malicious activity. For starters they could require a credit or debit card that is not a prepaid card. Make sure to perform validation checking on them as well. Unless someone is going to keep getting a new credit card to keep buying cloud resources, the venture would be short lived. Information sharing between the major players could go a long-way as well.