The reasons behind a DDoS attack are most of the time unknown unless you are targeted by some noisy person. We have received plenty of DDoS attacks(hundreds) and only a couple of them we knew who was behind the attacks.
From the looks of your graph, it seems pretty obvious to me that it was not a peak on traffic but a DDoS attack.
The problem with Layer7 attacks is that they are too complex for an automated solution to filter them out of the box, any provider that claims to be fully automated from the start is lying.
Application attacks are very special and unlike Layer4, they generate “legitimate” connections, you can only “guess” which petition is legit by challenging the request or adding some sort of behavioral firewalling.
Cloudflare allows you to do this, however, if you are not a techy guy I would recommend you to read plenty of guides there are out there or simply hiring a system administrator who can probably set up your site to minimize the attacks you may receive in the future.