1.) No one entity in the world has enough computing power to do it now. That chance has passed.
The overlooked part of the 51% attack is you have to continually expand to maintain your advantage, making sure your blockchain is the longest verified one, and you can only do evil things with your own coins. It seems to me that between buying 10 million dollars worth of equipment or buying outright, you're probably better off sinking it into the system and getting the attendant yields.
There hasn't been an attack because it is really useless to do so right now. I imagine in some extreme scenario where someone is running an attack to punish bitcoin, most users would probably decide to upgrade their clients to patch out the offending actors if needed - assuming that the attackers could even maintain their majority, which I highly doubt.