A variety of today's critical applications are based on queueing networks whose performance, mainly delay, depends on routing and resource allocation. These include computer networks (the Internet), load-balancers on cloud systems and vehicular traffic networks. These applications are vulnerable to malicious attacks which may include the dis-functioning of the network components by malwares, or other computer viruses. For computer networks there are many references (e.g., [1, 5]); for vehicular traffic networks see navigation platforms attacks (e.g., Waze [4]). Such attacks will increase the delay experienced in the network and degrade its performance. We aim at understanding what are the weak-points of such networks. That is, how can a sophisticated attacker cause the maximal damage to the network using minimal attacking power. Furthermore, we are interested in analyzing how flexible is the network in reacting to such attacks by re-routing its traffic, and whether such flexibility grants significant protection. An intriguing question, which we aim at addressing and which may affect network planning, is what will be the nature of an optimal attack: will it be concentrated at few nodes of the network, or would it be scattered over many regions (nodes). Prior works (e.g., [1, 3, 5]) that dealt with such worstcase attacks on distributed systems did not address queueing delays and their effects. To allow analytic treatment that will reveal the nature of these networks, we consider here a simplistic queueing model based on k queues which captures the main features of these networks: (i) Multi-commodity arrival flows, (ii) The ability of the network to migrate requests (users) from one route to another. Treatment of general structure networks is the subject of ongoing research which is based on this work. Our analysis reveals somewhat surprising properties: The nature of an optimal attack varies as a function of the system parameters, and may shift from fully concentrated to fully scattered in the extreme cases. This is in contrast to the (no queueing) model and results of [5] which asserted that optimal attacks are concentrated, even when the system can defend itself using requests migration. This suggests that queueing mechanisms and the consideration of queueing delays may cause scattering of optimal attacks.