Yesterday our Digital Ocean server encountered something that looked like an attack. The outbound traffic suddenly increased to 700Mbps, while the inbound traffic stayed at about 0.1Mbps, and didn't increase even once. The traffic lasted for several minutes until Digital Ocean cut our server off the network assuming we're performing a DoS (which is reasonable).
I have two assumptions: either someone hacked into our server (after the attack I realised my colleague had enabled SSH login with password) or there's some kind of an attack that I don't know about.
Can anyone clear this situation up for me? If there indeed is a kind of DoS which traffic looks like that, please educate me.