This is the most specific solution I could find as it disables only the single function being attacked.
functions.php:
function Remove_Unneeded_XMLRPC( $methods ) {
unset( $methods['wp.getUsersBlogs'] );
return $methods;
}
add_filter( 'xmlrpc_methods', 'Remove_Unneeded_XMLRPC' );
found this at: http://www.cryptobells.com/more-wordpress-xmlrpc-brute-force-attacks/
For a broader solution there is a WordPress plugin called “Disable XML-RPC” which does precisely that, disables the entire XML-RPC functionality.