A Bruteforce attack is when the attacker will try a set of combinations to try to get into an account. Let’s say that the key is a shape. Then the attacker will try all existing geometrical shapes until it opens.
Similarly, an attacker will use dictionaries, numbers, a combination of letters and words, or even known passwords as it’s own database to crack the code.
Such attacks happen due to a persistent group of people that do not use strong passwords.
The stronger the attacker has the computer power, the more combinations it can execute on a given time.
Some companies to avoid such attacks will make the login rest for a couple of seconds, or even minutes in case a wrong password is inputted.
While creating a Brute force tool is for sure something for a skilled programmer, the execution is not. There are many programs to brute force passwords, and they are relatively simple to use.
In terms of probability, then it can be categorized as medium. This because we have countless accounts, and many are in platforms that are extremely valuable that are subject to such attacks.