Mikko Hyppönen is pacing forwards and backwards on the stage, together with his trademark darkish blonde ponytail resting on an impeccable teal swimsuit. A seasoned speaker, he is making an attempt to make an vital level to a room stuffed with fellow hackers and safety researchers at one of many business’s world annual meet-ups.
“I often call this ‘cybersecurity Tetris’,” he tells the viewers with a critical face, reeling off the principles of the basic online game. When you full a complete line of bricks, the row vanishes, leaving the remainder of the bricks to fall into a brand new line.
“So your successes disappear, while your failures pile up,” he tells the viewers throughout his keynote at Black Hat in Las Vegas in 2025. “The challenge we face as cybersecurity people is that our work is invisible… when you do your job perfectly, the end result is that nothing happens.”
Hyppönen’s work, nonetheless, has actually not been invisible. As one of many business’s longest serving cybersecurity figures, he has spent greater than 35 years fighting malware. When he began within the late Nineteen Eighties, the time period “malware” was nonetheless removed from on a regular basis parlance; the phrases as an alternative had been pc “virus” or “trojans.” The web was nonetheless one thing few individuals had entry to, and a few viruses relied on infecting computer systems with floppy disks.
Since then, Hyppönen estimated he has analyzed hundreds of various sorts of malware. And due to his frequent talks at conferences everywhere in the world, he has grow to be some of the recognizable faces and revered voices of the cybersecurity group.
While Hyppönen has spent a lot of his life making an attempt to maintain malware from entering into locations it is not imagined to, now he is nonetheless doing a lot of the identical, albeit a barely totally different tack: His new problem is to guard individuals towards drones.
Hyppönen, who is Finnish, informed me throughout a current interview that he lives about two hours away from Finland’s border with Russia. An more and more hostile Russia and its 2022 full-scale invasion of Ukraine, the place the vast majority of deaths have reportedly come from unmanned aerial assaults, have made Hyppönen consider he can have renewed influence by fighting drones.
For Hyppönen, it is additionally a matter of recognizing that whereas there are nonetheless long-standing issues to resolve on the planet of cybersecurity — malware is not going wherever and there are many new issues on the horizon — the business has made big strides over the past twenty years. An iPhone, Hyppönen introduced up for instance, is an especially safe system. The cybersecurity points of drone warfare, however, stay nearly uncharted territory.
From viruses and worms to malware and spy ware…
Hyppönen began early in cybersecurity by hacking video video games through the Nineteen Eighties. His love for cybersecurity got here from reverse engineering software program to determine a strategy to take away anti-piracy protections from a Commodore 64 video games console. He discovered to code by growing journey video games, and sharpened his reverse engineering abilities by analyzing malware at his first job at Finnish firm Data Fellows, which later grew to become the well-known antivirus maker F-Secure.
Since then, Hyppönen has been on the entrance strains of the combat towards malware, witnessing the way it developed.
In the early years, virus writers developed their malicious code typically completely out of ardour and curiosity to see what was doable with code alone. While some cyberespionage existed, hackers had but to find methods to monetize hacking by at this time’s requirements, like ransomware assaults. There was no cryptocurrency to facilitate extortion, nor a prison market for stolen information.
Form.A, for instance, was some of the frequent viruses within the early Nineteen Nineties, which contaminated computer systems with a floppy disk. A model of that virus didn’t destroy something — typically simply displaying a message on the particular person’s display, and that was it. But the virus travelled all over the world, together with touchdown on the analysis stations on the South Pole, Hyppönen informed me.
Hyppönen recounted the notorious ILOVEYOU virus, which he and his colleagues had been the primary to find in 2000. ILOVEYOU was wormable, that means it unfold mechanically from pc to pc. It arrived by way of e-mail as a textual content file, purportedly a love letter. If the goal opened it, it could overwrite and corrupt some information on the particular person’s pc, after which ship itself to all their contacts.
The virus contaminated over 10 million Windows computer systems worldwide.
Malware has modified dramatically since then. Virtually nobody develops malware as a interest, and creating malicious software program that self-replicates is virtually a assure that it’s going to get caught by cybersecurity defenders able to neutralizing it shortly, and probably catching its creator.
No one does it for the love of the sport anymore, in accordance with Hyppönen. “The age of viruses is firmly behind us,” he mentioned.
Seldom will we now see self-spreading worms — with uncommon exceptions, such because the harmful WannaCry ransomware assault by North Korea in 2017; and the NotPetya mass-hacking marketing campaign launched by Russia later that yr, which crippled a lot of the Ukrainian web and energy grid. Now, malware is nearly completely utilized by cybercriminals, spies, and mercenary spy ware makers who develop exploits for government-backed hacking and espionage. Those teams sometimes keep within the shadows, and wish to maintain their instruments hidden to proceed their actions and to keep away from cybersecurity defenders or legislation enforcement.
The different variations at this time are that the cybersecurity business is now estimated to be price $250 billion. The business has professionalized, partially as a necessity, to combat the rise in malware assaults. Defenders went from freely giving their software program for free, to turning it right into a paid service or product, mentioned Hyppönen.
Computers and newer innovations like smartphones, which started to take off through the early 2000s, have grow to be a lot more durable to hack. If the instruments to hack an iPhone or the Chrome browser value six-figures or perhaps a few million {dollars}, Hyppönen argued, this successfully makes an exploit so costly that solely the extremely resourced, like governments, can use them, reasonably than financially motivated cybercriminals. That’s an enormous win for shoppers, and for the cybersecurity business that’s a job properly carried out.
From fighting spies and criminals… to countering drones
In mid-2025, Hyppönen pivoted from cybersecurity to a special type of defensive work. He grew to become the chief analysis officer at Sensofusion, a Helsinki-based firm that develops an anti-drone system for legislation enforcement companies and the army.
Hyppönen informed me that was motivated to get right into a growing new business due to what he noticed occurring in Ukraine, a struggle outlined by drones. As a Finnish citizen, who serves within the army reserves (“I can’t tell you what I do, but I can tell you that they don’t give me a rifle because I’m much more destructive with a keyboard,” he tells me), and with two grandfathers who fought the Russians, Hyppönen is aware of the presence of an enemy simply over his nation’s border.
“The situation is very, very important to me,” he tells me. “It’s more meaningful to work fighting against drones, not just the drones that we see today, but also the drones of tomorrow,” he mentioned. “We’re on the side of humans against machines, which sounds a little bit like science fiction, but that’s very concretely what we do.”
The cybersecurity and drone industries could seem leagues other than each other, however there are clear parallels between fighting malware and fighting drones, in accordance with Hyppönen. To combat malware, cybersecurity firms have provide you with mechanisms, often known as signatures, to determine what is malware and what is not after which detect and block it. In the case of drones, Hyppönen defined, defenses contain constructing methods that may find and jam radio drones, and by recognizing frequencies which can be getting used to manage the autonomous autos.
Hyppönen defined that it’s doable to determine and detect drones by recording their radio frequencies, often known as their IQ samples.
“We detect the protocol from there and build up signatures for detecting unknown drones,” he mentioned.
He additionally defined that should you detect the protocol and frequencies used to manage the drone, you may as well attempt to conduct cyberattacks towards it. You may cause the drone’s system to malfunction, and crash the drone into the bottom. “So in many ways, these protocol level attacks are much, much easier in the drone world because the first step is the last step,” Hyppönen mentioned. “If you find a vulnerability, you’re done.”
The technique in fighting malware and fighting drones is not the one factor that hasn’t modified in his life. The cat-and-mouse recreation of studying the best way to cease a risk, after which the enemy studying from that and devising new methods to get round defenses, and on and on, is the identical on the planet of drones. And then, there’s the id of the enemy.
“I spent a big part of my career fighting against Russian malware attacks,” he mentioned. “Now I’m fighting Russian drone attacks.”