Mikko Hyppönen walks up and down the stage with his trademark dark blonde ponytail perched atop an impeccable turquoise suit. A seasoned public speaker, he’s trying to explain an important point to a room full of fellow hackers and security researchers at one of the industry’s global annual gatherings.
“I often call this ‘cybersecurity Tetris.’” He breaks away from the rules of classic video games and speaks to the audience with a serious face. When you complete a full line of bricks, that row disappears and the remaining bricks are placed in a new line.
He told the audience during his keynote address at Black Hat 2025 in Las Vegas. “So successes fade away and failures pile up. The challenge we face as cybersecurity professionals is that our work is invisible. If we do our work perfectly, the end result is that nothing happens.”
However, Hyppönen’s work certainly did not go unnoticed. As one of the industry’s longest-serving cybersecurity experts, he has been fighting malware for over 35 years. When he started in the late 1980s, the term “malware” was still far from everyday parlance. Instead, the term was computer “virus” or “Trojan horse.” The Internet was still accessible to a small number of people, and some viruses relied on floppy disks to infect computers.
Since then, Hyppönen estimates that he has analyzed thousands of types of malware. And his frequent speaking engagements at conferences around the world have made him one of the most recognizable faces and respected voices in the cybersecurity community.
Hyppönen has spent his entire career trying to stop malware from getting into places it doesn’t want to be, but now he’s still doing the same thing, albeit in a slightly different way. His new challenge is to protect people from drones.
Hyppönen, who is Finnish, said in a recent interview that he lives about two hours from the border between Finland and Russia. An increasingly hostile Russia and a full-scale invasion of Ukraine in 2022 (most of the deaths are said to have been caused by unmanned aerial attacks) have led Hyppönen to believe he can achieve new leverage through the fight against drones.
For Hyppönen, while the world of cybersecurity still has long-standing problems to solve (malware isn’t going anywhere, and many new problems are coming), it’s also important to recognize that the industry has made great strides over the past two decades. The iPhone, which Hyppönen cites as an example, is a very secure device. On the other hand, the cybersecurity aspect of drone warfare remains largely uncharted territory.
From viruses and worms to malware and spyware…
Hyppönen got his start in the early days of cybersecurity by hacking video games in the 1980s. His love for cybersecurity stemmed from reverse engineering software to figure out how to remove anti-piracy features from the Commodore 64 gaming console. He learned coding while developing adventure games and honed his reverse engineering skills by analyzing malware at his first job at Data Fellows, a Finnish company that later became renowned antivirus manufacturer F-Secure.
Since then, Hyppönen has been at the forefront of malware fighting and has seen how malware evolves.
In the early days, virus writers often developed malicious code out of passion and curiosity to see what was possible with code alone. Although some cyber espionage activities have existed, hackers have yet to find ways to monetize hacking by today’s standards, such as ransomware attacks. There were no cryptocurrencies to facilitate extortion, and there was no criminal market for stolen data.
For example, Form.A was one of the most common viruses that infected computers from floppy disks in the early 1990s. That version of the virus didn’t destroy anything. Sometimes it would just display a message on a person’s screen. But the virus spread around the world, including landing at a research station in Antarctica, Hyppönen said.
Hyppönen described the infamous ILOVEYOU virus, which he and his colleagues first discovered in 2000. ILOVEYOU could be infected with a worm, which means that the virus spreads automatically from computer to computer. It arrived via email as a text file, supposedly a love letter. When the target opens it, it overwrites and corrupts some files on that person’s computer and then sends itself to all of their contacts.
This virus infected more than 10 million Windows computers worldwide.
Malware has changed dramatically since then. Few people develop malware as a hobby, and creating self-replicating malicious software guarantees that it can be captured by cybersecurity defenders who can quickly neutralize it and potentially catch its creator.
According to Hyppönen, no one does it for the love of the game anymore. “The virus era is clearly behind us,” he said.
With rare exceptions, such as North Korea’s devastating WannaCry ransomware attack in 2017, we now rarely see worms spreading on their own. And later that year, the Russian-launched NotPetya mass hacking campaign compromised much of Ukraine’s internet and power grid. Malware is now used almost exclusively by cybercriminals, spies, and mercenary spyware creators who develop exploits for government-sponsored hacking and espionage. These groups typically want to stay in the shadows, keeping their tools hidden to continue their activities and elude cybersecurity advocates or law enforcement.
Another difference today is that the cybersecurity industry is now estimated to be worth $250 billion. The industry has specialized in part out of necessity to combat increasing malware attacks. Rather than offering software for free, defenders have turned to paid services or products, Hyppönen said.
Newer inventions, such as computers and smartphones that began appearing in the early 2000s, have become much more difficult to hack. Hyppönen argues that if tools to hack iPhones or Chrome browsers cost six figures or even millions of dollars, this would actually make attacks so expensive that they would only be available to those with deep resources, such as governments, rather than financially motivated cybercriminals. This is a huge win for consumers and a good thing for the cybersecurity industry.
From fighting spies and criminals to responding to drones…
In mid-2025, Hyppönen switched from cybersecurity to a different kind of defense work. He became chief research officer at Sensofusion, a Helsinki-based company developing anti-drone systems for law enforcement and the military.
Hyppönen said he was motivated to jump into the developing new industry because of what happened in Ukraine, a war defined by drones. As a Finnish citizen serving in the reserves (“I can’t tell you what I do, but I can tell you they don’t give you a rifle because using a keyboard is much more destructive,” he says) and with two grandfathers who fought the Russians, Hyppönen is acutely aware of the enemy’s presence just beyond his country’s borders.
“This situation is very important to me,” he said. “It makes more sense to fight against the drones of tomorrow, not just the drones we see today,” he said. “We stand on the side of humans against machines. It sounds like science fiction, but that’s very specifically what we do.”
Cybersecurity and the drone industry may seem separate, but there are clear similarities between fighting malware and fighting drones, according to Hyppönen. To combat malware, cybersecurity companies have devised mechanisms called signatures to identify what is malware and what is not, and then detect and block it. For drones, defense involves building systems that can find and disrupt wireless drones and recognize the frequencies used to control autonomous vehicles, Hyppönen explained.
Hyppönen explained that it is possible to identify and detect drones by recording radio frequencies, known as IQ samples.
“We detect protocols there and build signatures to detect unknown drones,” he said.
He also explained that if the protocols and frequencies used to control drones are detected, a cyber attack could be attempted targeting the drones. The drone’s systems may malfunction and the drone may crash to the ground. “In many ways, these protocol-level attacks are much easier in the drone world because the first step is the last step,” Hyppönen said. “Once we find the vulnerability, it’s over.”
Strategies for fighting malware and fighting drones aren’t the only things that haven’t changed in his life. The constant game of cat and mouse is the same in the world of drones: you learn how to stop a threat, your enemy learns from it, and you invent new ways to bypass your defenses. And then there is the identity of the enemy.
“I’ve spent most of my career fighting Russian malware attacks,” he said. “Now I am fighting against Russian drone attacks.”
