A DDOS brute force attack against thousands of WordPress installations is currently underway. It does not matter if you have updated WordPress because, as we already know, vulnerabilities can come from other places .
In the list, which you can check here and look to see if there are any your site, you will see that there are sites with all kinds of versions, including WordPress 3.7 Alpha, so the possible culprit is not there.
Check your passwords, check your installation looking for any type of script or infection, and scan your computer to look for viruses, keyloggers, rootkits or any intruder. Of course, check that your theme and plugins are updated and free of injected code.
If your site is not yet compromised it's a good idea to force the change of all passwords or even to ask for ID in two steps even requiring access to WordPress with eDNI all caution is little in the face of this type of attacks, which, on the other hand, you can stop them if you are notified in time and take action.