Mikko Hyppönen is pacing back and forth on the stage, with his trademark dark blonde ponytail resting on an impeccable teal suit. A seasoned speaker, he is trying to make an important point to a room full of fellow hackers and security researchers at one of the industry’s global annual meet-ups.
“I often call this ‘cybersecurity Tetris’,” he tells the audience with a serious face, reeling off the rules of the classic video game. When you complete a whole line of bricks, the row vanishes, leaving the rest of the bricks to fall into a new line.
“So your successes disappear, while your failures pile up,” he tells the audience during his keynote at Black Hat in Las Vegas in 2025. “The challenge we face as cybersecurity people is that our work is invisible… when you do your job perfectly, the end result is that nothing happens.”
Hyppönen’s work, however, has certainly not been invisible. As one of the industry’s longest-serving cybersecurity figures, he has spent more than 35 years fighting malware. When he started in the late 1980s, the term “malware” was still far from everyday parlance; the terms in use were computer “viruses” or “trojans.” The internet was still something few people had access to, and some viruses relied on infecting computers with floppy disks.
Since then, Hyppönen estimated he has analyzed thousands of different kinds of malware. And thanks to his frequent talks at conferences all over the world, he has become one of the most recognizable faces and respected voices of the cybersecurity community.
While Hyppönen has spent much of his life trying to keep malware from getting into places it is not supposed to, he is now doing much of the same, albeit with a slightly different tack: His new challenge is to protect people against drones.
Hyppönen, who is Finnish, told me during a recent interview that he lives about two hours away from Finland’s border with Russia. An increasingly hostile Russia and its 2022 full-scale invasion of Ukraine, where the majority of deaths have reportedly come from unmanned aerial attacks, have made Hyppönen believe he can have renewed impact by fighting drones.
For Hyppönen, it is also a matter of recognizing that while there are still long-standing problems to solve in the world of cybersecurity — malware is not going anywhere and there are plenty of new problems on the horizon — the industry has made huge strides over the last two decades. An iPhone, Hyppönen brought up as an example, is an extremely secure device. The cybersecurity aspects of drone warfare, on the other hand, remain almost uncharted territory.

From viruses and worms to malware and spyware…
Hyppönen started early in cybersecurity by hacking video games during the 1980s. His love for cybersecurity came from reverse engineering software to figure out a way to remove anti-piracy protections from a Commodore 64 games console. He learned to code by developing adventure games, and sharpened his reverse engineering skills by analyzing malware at his first job at Finnish company Data Fellows, which later became the well-known antivirus maker F-Secure.
Since then, Hyppönen has been on the front lines of the fight against malware, witnessing how it evolved.
In the early years, virus writers developed their malicious code often exclusively out of passion and curiosity to see what was possible with code alone. While some cyberespionage existed, hackers had yet to discover ways to monetize hacking by today’s standards, like ransomware attacks. There was no cryptocurrency to facilitate extortion, nor a criminal marketplace for stolen data.
Form.A, for example, was one of the most common viruses in the early 1990s, and it infected computers via floppy disk. A version of that virus did not destroy anything — sometimes just displaying a message on the person’s screen, and that was it. But the virus travelled around the world, including landing on the research stations at the South Pole, Hyppönen told me.
Hyppönen recounted the infamous ILOVEYOU virus, which he and his colleagues were the first to discover in 2000. ILOVEYOU was wormable, meaning it spread automatically from computer to computer. It arrived via email as a text file, purportedly a love letter. If the target opened it, it would overwrite and corrupt some files on the person’s computer, and then send itself to all their contacts.
The virus infected over 10 million Windows computers worldwide.
Malware has changed dramatically since then. Virtually no one develops malware as a hobby, and creating malicious software that self-replicates is practically a guarantee that it will get caught by cybersecurity defenders capable of neutralizing it quickly, and potentially catching its author.
No one does it for the love of the game anymore, according to Hyppönen. “The age of viruses is firmly behind us,” he said.
Seldom do we now see self-spreading worms — with rare exceptions, such as the destructive WannaCry ransomware attack by North Korea in 2017; and the NotPetya mass-hacking campaign launched by Russia later that year, which crippled much of the Ukrainian internet and power grid. Now, malware is almost exclusively used by cybercriminals, spies, and mercenary spyware makers who develop exploits for government-backed hacking and espionage. Those groups typically stay in the shadows, and want to keep their tools hidden to continue their activities and to avoid cybersecurity defenders or law enforcement.
The other difference today is that the cybersecurity industry is now estimated to be worth $250 billion. The industry has professionalized, in part as a necessity, to fight the increase in malware attacks. Defenders went from giving away their software for free, to turning it into a paid service or product, said Hyppönen.
Computers and newer inventions like smartphones, which began to take off during the early 2000s, have become much harder to hack. If the tools to hack an iPhone or the Chrome browser cost six figures or even a few million dollars, Hyppönen argued, this effectively makes an exploit so expensive that only the highly resourced, like governments, can use it, rather than financially motivated cybercriminals. That’s a huge win for consumers, and for the cybersecurity industry that’s a job well done.

From fighting spies and criminals… to countering drones
In mid-2025, Hyppönen pivoted from cybersecurity to a different kind of defensive work. He became the chief research officer at Sensofusion, a Helsinki-based company that develops an anti-drone system for law enforcement agencies and the military.
Hyppönen told me that he was motivated to get into a new, developing industry because of what he saw happening in Ukraine, a war defined by drones. As a Finnish citizen, who serves in the military reserves (“I can’t tell you what I do, but I can tell you that they don’t give me a rifle because I’m much more destructive with a keyboard,” he tells me), and with two grandfathers who fought the Russians, Hyppönen is acutely aware of the presence of an enemy just over his country’s border.
“The situation is very, very important to me,” he tells me. “It’s more meaningful to work fighting against drones, not just the drones that we see today, but also the drones of tomorrow,” he said. “We’re on the side of humans against machines, which sounds a little bit like science fiction, but that’s very concretely what we do.”
The cybersecurity and drone industries may seem leagues apart from one another, but there are clear parallels between fighting malware and fighting drones, according to Hyppönen. To fight malware, cybersecurity companies have come up with mechanisms, known as signatures, to identify what is malware and what is not and then detect and block it. In the case of drones, Hyppönen explained, defenses involve building systems that can locate and jam radio drones, and recognizing the frequencies that are being used to control the autonomous vehicles.
Hyppönen explained that it’s possible to identify and detect drones by recording their radio frequencies, known as their IQ samples.
“We detect the protocol from there and build up signatures for detecting unknown drones,” he said.
He also explained that if you detect the protocol and frequencies used to control the drone, you can also try to conduct cyberattacks against it. You can cause the drone’s system to malfunction, and crash the drone into the ground. “So in many ways, these protocol level attacks are much, much easier in the drone world because the first step is the last step,” Hyppönen said. “If you find a vulnerability, you’re done.”
The strategy in fighting malware and fighting drones is not the only thing that hasn’t changed in his life. The cat-and-mouse game of learning how to stop a threat, and then the enemy learning from that and devising new ways to get around defenses, and on and on, is the same in the world of drones. And then, there’s the identity of the enemy.
“I spent a big part of my career fighting against Russian malware attacks,” he said. “Now I’m fighting Russian drone attacks.”




