The pools are certainly not earning more fees due to such incidents. Because the long period of slow blocks and less fees (per hour) now will make up for the short period of more fees (per hour) during the attack. I am therefore puzzled why they would actively invite nicehash attacks by providing a dedicated port just for this centralized service.