I don't think probing the whole ISN space is new, but that's not how the tool Mitnick was given worked. At the time of the Mitnick attack, TCP ISNs were trivially predictable; you could connect to a host, note its ISN, and then know within a very tight range what the next ISN on the next connection --- from any host --- would be.
I think it depends on how you read the article. The most charitable reading is that the authors couldn't find a source for probing the whole ISN space, and believe that variant of the attack is novel. I think you have to be a bit uncharitable to assume they're claiming the whole concept of blind TCP spoofing.
I would cut them a lot more slack if they mentioned that their method doesn't work in the vast majority of networks today (assuming one wants to cross networks with it), due to egress filtering. If one is already present locally, and can send spoofed packets, there are far better attacks to try than sending tens to hundreds of gigabytes of data for a single spoofed connection (that will be immediately terminated).
Their method doesn't even attempt to keep the connection going.
Anyone with network experience would see the bruteforcing method as elementary and common knowledge really, it's nothing new.
Since TCP spoofing is essentially an academic concept at this point --- even if you could do it in milliseconds, it wouldn't be very useful --- I'm not sure the practical baggage or refinements you're talking about are that important.
Also, I think RPF filtering is a little less common than you're implying that it is.
Why not useful? In my experience setups involving IP ACLs for TCP services are pretty common in the wild. As well as risk-assesments talking about the relative rarity of on-path attackers, predicated on TCP security against off-path attackers.
Risk assessments making bad assumptions is not a new thing.
People are always advocating egress filtering because "if only everybody would do it ...", but it's a classic tragedy of the commons. Egress filtering doesn't meaningfully help the network doing it and it may cause ugly problems with asymmetric routes and the like, so the number of networks that don't do it is large enough to be meaningful. And if you get close enough to the core of the internet it's basically impossible anyway because there is no practical way to keep track of which address ranges a particular interface should legitimately be sending traffic from when the list encompasses half the address ranges on the internet and can change at any time.
The upshot being it's not at all difficult for an attacker to get hold of a connection that doesn't do egress filtering, and that isn't ever going to change.
