Mikko Hyppönen paces back and forth on stage, his trademark dark blonde ponytail propped against a crisp teal suit. As an experienced speaker, you’re trying to make an important point to a room full of fellow hackers and security researchers at one of the industry’s annual global meetings.
“I often call this ‘Cybersecurity Tetris,’” he tells the audience with a straight face, reeling off the rules of the classic video game. When you complete a full line of bricks, the row disappears, leaving the rest of the bricks to fall into a new line.
“So your successes disappear, while your failures accumulate,” he tells the audience. during his opening speech at Black Hat in Las Vegas in 2025. “The challenge we face as cybersecurity people is that our work is invisible… when you do your job perfectly, the end result is that nothing happens.”
However, Hyppönen’s work has not been invisible. As one of the industry’s most senior cybersecurity figures, he has spent more than 35 years fighting malware. When it started, in the late 1980s, the term “malware” was still far from everyday language; instead, the terms were computer “viruses” or “trojans.” The Internet was still something that few people had access to and some viruses relied on infecting computers with floppy disks.
Since then, Hyppönen estimates he has analyzed thousands of different types of malware. And thanks to his frequent speaking engagements at conferences around the world, he has become one of the most recognizable faces and respected voices in the cybersecurity community.
While Hyppönen has spent much of his life trying to prevent malware from reaching places it shouldn’t, he’s now doing much the same thing, albeit with a slightly different tactic: his new challenge is protecting people from drones.
Hyppönen, who is Finnish, told me during a recent interview that he lives about two hours from Finland’s border with Russia. An increasingly hostile Russia and its full-scale invasion of Ukraine in 2022, where most deaths supposedly coming from unmanned aerial attacks, have led Hyppönen to believe that he can have a renewed impact combating drones.
For Hyppönen, it’s also about recognizing that while there are still long-standing problems to solve in the world of cybersecurity (malware is not going anywhere and there are many new problems on the horizon), the industry has made great strides in the last two decades. Hyppönen gave the iPhone as an example: it is an extremely secure device. The cybersecurity aspects of drone warfare, on the other hand, remain almost uncharted territory.
From viruses and worms to malware and spyware…
Hyppönen got an early start in cybersecurity by hacking video games during the 1980s. His love of cybersecurity arose from reverse engineering software to find a way to remove anti-hacking protections from a Commodore 64 gaming console. He learned to code by developing adventure games and honed his reverse engineering skills by analyzing malware in his first job at the Finnish company Data Fellows, which later became the well-known antivirus maker F-Secure.
Since then, Hyppönen has been on the front lines of the fight against malware and has witnessed its evolution.
In the early years, virus writers developed their malicious code often purely out of passion and curiosity to see what was possible with code alone. While some cyber espionage existed, hackers had yet to discover ways to monetize hacking by today’s standards, such as ransomware attacks. There was no cryptocurrency to facilitate extortion and no criminal market for stolen data.
Form.AFor example, it was one of the most common viruses in the early 90s, which infected computers with a floppy disk. One version of that virus didn’t destroy anything; sometimes it would just show a message on the person’s screen and that was it. But the virus traveled around the world, even landing at research stations at the South Pole, Hyppönen told me.
Hyppönen recounted the infamous I love you viruswhich he and his colleagues were the first to discover in 2000. ILOVEYOU could be removed with worms, meaning it spread automatically from one computer to another. It arrived via email as a text file, supposedly a love letter. If the target opened it, it would overwrite and corrupt some files on the person’s computer and then be sent to all of their contacts.
The virus infected more than 10 million Windows computers worldwide.
Malware has changed dramatically since then. Virtually no one develops malware as a hobby, and creating self-replicating malware is virtually a guarantee that it will be caught by cybersecurity defenders capable of quickly neutralizing it and potentially catching its author.
According to Hyppönen, no one does it for the love of the game anymore. “The era of viruses is firmly behind us,” he said.
We rarely see self-propagating worms today, with rare exceptions, such as the destructive WannaCry ransomware attack by North Korea in 2017; and the massive NotPetya hacking campaign launched by Russia later that year, which paralyzed much of Ukraine’s power grid and Internet. Now, malware is used almost exclusively by cybercriminals, spies, and mercenary spyware creators who develop exploits for government-backed hacking and espionage. Typically, these groups remain in the shadows and want to keep their tools hidden to continue their activities and avoid cybersecurity defenders or authorities.
The other differences today are that the cybersecurity industry is estimated to be worth $250 billion. The industry has professionalized, partly out of necessity, to combat the rise in malware attacks. Advocates moved from giving away their software to turning it into a paid service or product, Hyppönen said.
Computers and newer inventions like smartphones, which began to take off in the early 2000s, have become much more difficult to hack. If the tools to hack an iPhone or the Chrome browser cost six figures or even a few million dollars, Hyppönen argued, this effectively makes an exploit so expensive that only those with more resources, such as governments, can use them, rather than financially motivated cybercriminals. This is a big win for consumers and for the cybersecurity industry it is a job well done.
From fighting spies and criminals… to countering drones
In mid-2025, Hyppönen moved from cybersecurity to a different type of defensive work. He became the research director at Sensofusion, a Helsinki-based company developing an anti-drone system for law enforcement and the military.
Hyppönen told me he was motivated to enter a new developing industry because of what he saw happening in Ukraine, a war defined by drones. As a Finnish citizen, who serves in the military reserves (“I can’t tell you what I do, but I can tell you that they don’t give me a rifle because I’m much more destructive with the keyboard,” he tells me), and with two grandfathers who fought against the Russians, Hyppönen is acutely aware of the presence of an enemy just across his country’s border.
“The situation is very, very important to me,” he tells me. “It is more meaningful to work against drones, not just the drones we see today, but also the drones of tomorrow,” he said. “We’re on the side of humans against machines, which sounds a bit like science fiction, but that’s what we do in a very concrete way.”
The cybersecurity and drone industries may seem very distant from each other, but there are clear parallels between the fight against malware and the fight against drones, according to Hyppönen. To fight malware, cybersecurity companies have devised mechanisms, known as signatures, to identify what is malware and what is not, then detect and block it. In the case of drones, Hyppönen explained, defenses involve building systems that can locate and jam radio drones and recognize the frequencies used to control autonomous vehicles.
Hyppönen explained that it is possible to identify and detect drones by recording their radio frequencies, known as IQ samples.
“From there we detect the protocol and accumulate signatures to detect unknown drones,” he said.
He also explained that if you detect the protocol and frequencies used to control the drone, you can also try to carry out cyber attacks against it. You can cause the drone’s system to malfunction and crash it into the ground. “In many ways, these protocol-level attacks are much, much easier in the drone world because the first step is the last,” Hyppönen said. “If you find a vulnerability, that’s it.”
The strategy in the fight against malware and drones is not the only thing that has not changed in its life. The cat and mouse game of learning how to stop a threat, and then the enemy learns from that and devises new ways to get around defenses, and so on, is the same in the drone world. And then there is the identity of the enemy.
“I spent much of my career fighting Russian malware attacks,” he said. “Now I am fighting against Russian drone attacks.”
