I'm no expert on this but I suppose a real hacker could analyse the IP addresses of the peers in the client to somehow determine the IPs of delegates. If they then proceed to DDOS those delegates, those delegates would start missing blocks. This would slow down the network but that's all, there's no automatic replacement of inactive delegates or delegates missing blocks as we've seen very clearly with the recent case of delegate.adam.
The delegate who is being DDOS'ed would be notified, either by an automatic service or through other means. He could then shut down that VPS if possible, and could easily spin up a standby VPS or even use his own computer in order to set up a new instance of the delegate and start signing blocks again. The attacker would then need to reidentify the delegate's IP in order to continue the attack.
One could also shield one's delegate behind a web of seed nodes by connecting to them directly and not advertising one's IP I think, and also refuse incoming connections.