A brute-force attack sees an attacker repeatedly and systematically submitting different usernames and passwords in an attempt to eventually guess credentials correctly. This simple but resources-intensive, trial-and-error approach is usually done using automated tools, scripts or bots cycling through every possible combination until access is granted.
However, the longer the password and the stronger the encryption on the saved credentials, the amount of time and computing power needed, so it is possible for organizations to decrease the efficiency of the attack to the point is almost impossible for attackers to execute successfully.
In 2017 both the UK and Scottish Parliaments fell victim to brute-force attacks, while a similar but unsuccessful attack occurred on the Northern Irish Parliament a year later. Airline Cathay Pacific suffer a brute force attack a year later for which it was fined £500,000 [~$630,000] by the UK’s data regulator due to lacking sufficient preventive measures. Ad blocking service Ad Guard also forced a reset of all user passwords after suffering a brute-force attack.