In NZ some ISPs use cg-nat meaning that you will have many people under one public IPv4 address. Going by this logic you could ban a whole ISP in one go.
At this point, it's a long evolved set of heuristics based on any available data. Some quick rules around IP, Country, and email provider gets you a fair bit of the way there. But like any heuristic system that evolves, tweaking can get you to something that's "good enough".
The next step would be an AI system (like the very impressive Stripe Radar (which admittedly is in a different context)) but we're not ready for that, nor would it bring us significant value over our current system. And again - we pipe things to human for things in the grey area.
Is the abuse typically just people re-signing up continually every two weeks? Or are there other super common abuses? This isn't my field and I have always detested the commonly required CC inputs for free trials, so interested to know more about the motivation from software builders.
But as GP said, this and other signals require coding abuse detection, and then you must find a way to enforce this.
This is not the kind of activity you want to be involved in while validating a product concept and working toward pmf.