Well, also if a company of say 1000 employees wanted to brute force a password, they could easily deploy a program that runs such a brute force process in the background to all their employees machines and then the cost is next to nothing to have 1000 machines brute force a password and 1000 machines will probably do the work pretty quick, even if the process is set to low priority so users don't notice it.
They already have the machines. They just needs to pay someone to figure out how to set it up and script install to every machine, which isn't going to very high in cost.
