An organization has identified that its website is being flooded with login credentials. Which of the following BEST describes the observed cyber attack?

The scenario describes a situation where an organization's website is experiencing a flood of login credentials, which indicates a systematic attempt to gain unauthorized access. The term "brute force" refers to a specific technique where an attacker systematically guesses login credentials, such as usernames and passwords, in order to gain access to an account.

During a brute force attack, the attacker tries a large number of combinations to find the right one, which often involves using automated scripts or bots that can quickly iterate through possible passwords. This method can overwhelm the login interface, potentially leading to service disruption.

In contrast, the other options denote different types of attacks. Denial of service typically focuses on overwhelming a service with traffic to make it unavailable rather than targeting specific login credentials. SQL injection involves inserting malicious SQL commands into a database query, which is a different method of attack targeting database vulnerabilities, not login systems directly. Session hijacking refers to the takeover of a user session after authentication has already occurred, rather than trying to gain access through credential submission.

Thus, the description of a flood of login credentials aligns best with a brute force attack, highlighting the targeted nature of the credential guessing and the attempts to break through into user accounts.