Mikko Hyppönen is pacing up and down the stage, his dark blue ponytail resting on top of a smart teal suit. As an experienced speaker, he tries to deliver a keynote to a room full of hackers and security researchers at one of the industry’s annual conferences.
“I often call this ‘cybersecurity Tetris’,” he tells the audience with a serious face, deviating from the rules of the classic video game. When you complete a full line of bricks, the line disappears, leaving more bricks to fall into a new line.
“So your successes disappear, as your failures accumulate,” he tells the audience during his keynote address at Black Hat Las Vegas in 2025. “The challenge we face as cybersecurity people is that our work is invisible… when you do your work perfectly, the result is that nothing happens.”
However, Hyppönen’s work did not go unnoticed. One of the longest-standing figures in cybersecurity, he has spent more than 35 years fighting malware. When he started in the late 1980s, the word “malware” was still far from everyday language; rather they were computer “viruses” or “trojans.” The Internet was still something few people had access to, and some viruses relied on infecting computers with floppy disks.
Since then, Hyppönen estimates he has analyzed thousands of different types of malware. And thanks to his frequent presentations at conferences around the world, he has become one of the most recognizable faces and respected voices in the cybersecurity community.
Although Hyppönen has spent most of his life trying to prevent malware from getting into places it shouldn’t, he’s now doing the same thing, albeit a little differently: His new challenge is protecting people against drones.
Hyppönen, who is Finnish, told me in a recent interview that he lives about two hours from the Finnish-Russian border. Russia’s continued hostility and its 2022 all-out invasion of Ukraine, where most of the reported deaths came from unprovoked airstrikes, led Hyppönen to believe he could gain new momentum by fighting drones.
For Hyppönen, it is also a matter of realizing that although there are still long-term problems that need to be solved in the world of cybersecurity – malware is not going anywhere and there are many new problems – the industry has made great progress in the last two decades. The iPhone, Hyppönen presented as an example, is a very secure device. The cybersecurity aspects of drone warfare, on the other hand, remain an uncharted territory.
From viruses and worms to malware and spyware…
Hyppönen got his start in cybersecurity by hacking video games in the 1980s. His love for cybersecurity came from reverse engineering software to find a way to remove anti-theft protection from a Commodore 64 home computer. He learned to write code by making games, and sharpened his engineering skills by analyzing malware in his first job at the Finnish company Data Fellows, which later became the well-known antivirus maker F-Secure.
Since then, Hyppönen has been on the front lines of the fight against malware, seeing how it has evolved.
In the early years, virus writers produced their malicious code mostly out of desire and curiosity to see what was possible with code alone. While some cyberespionage existed, criminals had not yet found ways to monetize theft by today’s standards, such as ransomware attacks. There was no cryptocurrency to facilitate theft, or a criminal market for stolen data.
Form, for example, was one of the most common viruses in the early 1990s, which infected floppy disk computers. That version of the virus didn’t do any damage – sometimes it just displayed a message on one’s screen, and that was it. But the virus traveled around the world, including landing on research stations at the South Pole, Hyppönen told me.
Hyppönen recounted the infamous ILOVEYOU virus, which he and his colleagues were the first to discover in 2000. ILOVEYOU was a worm, meaning it spread itself from computer to computer. It arrived via email as a text file, called a love letter. If the target opens, it would overwrite and corrupt certain files on the person’s computer, and then it sends itself to all their contacts.
This virus has infected more than 10 million Windows computers worldwide.
Malware has changed a lot since then. Of course no one develops malware as a hobby, and creating malicious software that pretends to be a guarantee that it will be caught by cybersecurity defenders who are able to quickly reduce it, and catch its author.
Nobody does it for the love of the game anymore, according to Hyppönen. “The age of germs is far behind,” he said.
We rarely see automated worms – with rare exceptions, such as the devastating WannaCry ransomware attack by North Korea in 2017; and the NotPetya mass hacking campaign launched by Russia later that year, which crippled much of Ukraine’s internet and power grid. Currently, malware is almost exclusively used by cybercriminals, spies and mercenary espionage developers who develop hacking skills and government-sponsored espionage. Those groups usually stay in the shadows, and want to keep their resources hidden to continue their activities and avoid cybersecurity defenders or law enforcement.
Another difference today is that the cybersecurity industry is now estimated to be around $250 billion. The industry has an expert, partly a necessity, to combat the increase in malware attacks. Developers have moved away from giving away their software for free, turning it into a paid service or product, Hyppönen said.
Computers and new devices such as smartphones, which came into use in the early 2000s, are now much more difficult to hack. If tools to hack an iPhone or Chrome browser cost six figures or several million dollars, Hyppönen argued, this makes spending so expensive that only those with the most resources, such as governments, can use them, as opposed to financially motivated cybercriminals. That’s a huge win for consumers, and for the cybersecurity industry it’s a job well done.
From spies and war criminals…
In mid-2025, Hyppönen moved from cybersecurity to another type of security. He became the chief research officer at Sensofusion, a Helsinki-based company that develops anti-drone systems for law enforcement agencies and the military.
Hyppönen told me that he was motivated to enter the emerging new industry because of what he saw happening in Ukraine, a war defined by drones. As a citizen of Finland, who serves in the army (“I can’t tell you what I do, but I can tell you that they don’t give me a gun because I waste too much on the keyboard,” he tells me), and with two grandfathers who fought with the Russians, Hyppönen is well aware of the presence of the enemy on the border of his country.
“The position is very important to me,” he said. “It’s very important to work against drones, not just the drones we see today, but the drones of tomorrow,” he said.
The cybersecurity and drone industries may seem like separate entities, but there are clear similarities between countering malware and countering drones, according to Hyppönen. To combat malware, cybersecurity companies have come up with techniques, known as signatures, to identify what is and isn’t malware and then detect and block it. In the case of drones, Hyppönen explained, security includes building systems that can find and jam radio drones, and by detecting the frequencies used to control autonomous vehicles.
Hyppönen explained that it is possible to identify and detect drones by recording their radio waves, known as their IQ samples.
“We see the protocol from there and create signatures to detect the unknown drones,” he said.
He also explained that if you recognize the protocol and frequencies used to control the drone, you can also try to make cyberattacks against it. You can cause the drone’s system to malfunction and crash the drone. “So in many ways, these protocol-level attacks are very easy in the drone world because the first step is the last step,” Hyppönen said. “If you get a crisis, you’re done.”
The anti-malware and anti-drone strategy isn’t the only thing that hasn’t changed in his life. The cat-and-mouse game of learning to stop a threat, then the enemy learning from that and devising new ways to get around the defense, and so on, is similar to the world of drones. And then, there is the identity of the enemy.
“I spent a large part of my career fighting Russian malware attacks,” he said. “Now I’m fighting Russian drone attacks.”
#fighting #malware #decades #cybersecurity #veteran #hacking #drones #TechCrunch