We've had this kind of inquiry before so I'll elaborate a bit here.
To determine if Centova Cast is involved (either as a culprit or a target of the attack) you'd need to evaluate the the DDoS attack and determine what resources are being hammered on. A good starting point is to check your Centova Cast logs in /usr/local/centovacast/var/log (and subdirectories) and see if they're unusually large -- if Centova Cast is receiving a huge number of requests, the access log will similarly be huge. If so, review the log and see what resources are being requested -- that should tell you most of what you need to know.
As for Centova Cast's involvement, the only part of Centova Cast that could potentially cause something resembling a DDoS attack would be the widgets -- for example, we've seen cases in which slightly-below-average-intelligence end-users modify the widget JavaScript to hit the server once per second. They don't stop to consider that this results in one request per second per visitor to their web site.
So when they have a huge show and have 400 visitors loading pages on their site, that's 400+ requests per second, and (unless you have a beefy server and you've tweaked your php-fpm settings in /usr/local/centovacast/etc/cc-appserver.conf to dramatically increase the process limit) that'll effectively result in a DoS on Centova Cast, as nginx will return a gateway timeout waiting for php-fpm.
Note that even in that case, though, the bottleneck will be the software limit (in cc-appserver.conf) or the CPU on your server (if you've increased the process limit), so this won't really eat up much bandwidth. And your DC doesn't care about your CPU usage -- they care about bandwidth... so if the DC is getting involved, then the problem is almost certainly elsewhere.
So many DDoS attacks since this past update