Access attack is a catch-all phrase that covers many forms of unauthorised access to computer resources. An access attack could come from an external individual adversary, or from a group, that uses various methods to gain entry to a network and then steals information or destroys resources. An access attack could also be an insider getting into areas they are not authorised for.
A decade ago, common attacks against access control were dictionary attacks, brute force attacks and spoofed (login) screens. To defend against these types of attacks, people were harassed by security policies to use long and complex passwords that needed changing every so often, and users were locked out after so many logon attempts. Falling victim to a spoofed logon screen was considered almost unavoidable if the fake logon screen had already been installed on a computer, which meant the focus shifted to securing vulnerable endpoints, so that fake logon screens could not be deployed. The number of endpoints has since exploded and, with the main focus on new features that sell, so have their vulnerabilities.
In the contemporary context of network attacks, the first objective of an adversary is to gain initial access, for example by finding the encrypted password files on the server and decrypting them, by brute forcing passwords or running dictionary attacks, by phishing or pharming, or by credential stuffing. Several other, less time-consuming methods also exist, and these allow for additional reconnaissance to scout out resources and IP addresses, perhaps with a network discovery (mapping) program or a sniffer-type packet-capturing utility, in order to escalate privileges on hosts.
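An added example, not part of the original page: a small detector over constructed logon events showing why the per-account lockout described above stops brute force and dictionary attempts against one account but misses credential stuffing, where one source tries leaked username/password pairs roughly once per account. The event format, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events: (timestamp_seconds, source_ip, username, success).
# All values are made up; the IPs come from the RFC 5737 documentation ranges.
EVENTS = (
    [(t, "192.0.2.10", "alice", False) for t in range(0, 60, 10)]        # 6 failures, one account
    + [(100 + i, "198.51.100.7", f"user{i}", False) for i in range(8)]   # 1 failure each, 8 accounts
    + [(200, "203.0.113.5", "bob", False), (210, "203.0.113.5", "bob", True)]  # ordinary typo
)

LOCKOUT_THRESHOLD = 5    # assumed: consecutive failures per account before lockout
STUFFING_THRESHOLD = 5   # assumed: distinct accounts failed from one source
WINDOW = 300             # assumed: sliding window in seconds


def locked_accounts(events):
    """Classic per-account lockout: count consecutive failures per username."""
    streak, locked = defaultdict(int), set()
    for _, _, user, ok in sorted(events):
        streak[user] = 0 if ok else streak[user] + 1
        if streak[user] >= LOCKOUT_THRESHOLD:
            locked.add(user)
    return locked


def stuffing_sources(events):
    """Per-source view: flag an IP that fails against many distinct accounts in WINDOW."""
    recent, flagged = defaultdict(list), set()
    for ts, ip, user, ok in sorted(events):
        if ok:
            continue
        # Keep only this source's failures that are still inside the window.
        recent[ip] = [(t, u) for t, u in recent[ip] if ts - t <= WINDOW] + [(ts, user)]
        if len({u for _, u in recent[ip]}) >= STUFFING_THRESHOLD:
            flagged.add(ip)
    return flagged


if __name__ == "__main__":
    print("locked accounts:", sorted(locked_accounts(EVENTS)))
    print("suspected credential-stuffing sources:", sorted(stuffing_sources(EVENTS)))
```

On the sample data the lockout rule fires only for the account that was hammered repeatedly, while the source that touched eight accounts once each is visible only when failures are grouped by source.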