Mikko Hyppenen paces up and down the stage, his trademark dark blonde ponytail perched atop a perfect teal suit. A seasoned public speaker, he's about to make an important point to a room full of fellow hackers and security researchers at one of the industry's annual global meetings.
“I like to call it 'Cybersecurity Tetris,'” he told the audience with a serious look on his face, shaking up the rules of the classic video game. When you complete an entire row of bricks, it disappears and the remaining bricks remain in a new row.
In his keynote at Black Hat in Las Vegas in 2025, he told the audience, “Successes disappear and failures pile up. The challenge we face as cybersecurity professionals is that our work is invisible…Even if we do our job perfectly, nothing ultimately happens.”
However, Hüppenen's work was never invisible. As one of the industry's longest-serving cybersecurity figures, he has spent more than 35 years fighting malware. When he started in the late 1980s, the term “malware” was still far from everyday parlance. Instead, the term was computer “virus” or “Trojan horse.” Few people still had access to the Internet, and some viruses relied on infecting computers using floppy disks.
Since then, Hypponen estimates he has analyzed thousands of different types of malware. And thanks to his frequent speaking engagements at conferences around the world, he has become one of the most well-known and respected voices in the cybersecurity community.
Hypponen has spent much of his life trying to prevent malware from getting into places it shouldn't, and today he continues to do much the same, albeit with a slightly different approach. His new challenge is to protect people from drones.
Hypponen, who is Finnish, said in a recent interview that he lives about two hours from the Finnish-Russian border. With Russia becoming increasingly hostile, with a full-scale invasion of Ukraine planned for 2022, and the majority of deaths reportedly caused by unmanned airstrikes, Hypponen believes he can make a new impact by fighting drones.
For Hypponen, it's also important to recognize that while there are still long-standing problems to solve in the world of cybersecurity, malware isn't going anywhere, and many new challenges are on the horizon, the industry has made great strides over the past two decades. The iPhone, which Hypponen used as an example, is a very secure device. Meanwhile, the cybersecurity aspects of drone warfare remain largely uncharted territory.
Image credit: Provided by Mikko Hypponen
From viruses and worms to malware and spyware…
Hypponen got his start in cybersecurity by hacking video games in the 1980s. His love for cybersecurity was born from reverse engineering software to find a way to remove anti-piracy protection from Commodore 64 game consoles. He learned to code by developing adventure games and honed his reverse engineering skills by analyzing malware in his first job at the Finnish company Data Fellows (later to become famous antivirus maker F-Secure).
Since then, Hypponen has been on the front lines of the fight against malware and witnessed how it evolves.
Early virus writers often developed malicious code solely out of passion and curiosity to see what was possible with just code. Although some cyber espionage existed, hackers had not yet discovered how to monetize hacking by today's standards, such as through ransomware attacks. There were no cryptocurrencies to facilitate extortion, and no criminal markets for stolen data.
For example, Form.A was one of the most common viruses in the early 1990s that used floppy disks to infect computers. This version of the virus did not destroy anything and in some cases only displayed a message on the user's screen and that was it. But the virus traveled around the world and even landed at a research station in Antarctica, Hypponen said.
Hyppönen spoke at length about the infamous ILOVEYOU virus, which he and his colleagues first discovered in 2000. ILOVEYOU was wormable, meaning it spread automatically from computer to computer. It arrived via email as a text file called a love letter. If the target opens it, it overwrites and corrupts some files on that person's computer and then sends itself to all of that person's contacts.
This virus infected over 10 million Windows computers worldwide.
Malware has changed dramatically since then. Virtually no one develops malware as a hobby, and creating self-replicating malicious software virtually guarantees that it will be captured by cybersecurity defenders who can quickly neutralize it and possibly capture its creators.
No one does it anymore for the love of the game, Hypponen said. “The era of the virus is definitely over,” he said.
With rare exceptions such as North Korea's devastating WannaCry ransomware attack in 2017, we rarely see self-spreading worms today. And later that year, Russia launched a massive NotPetya hacking campaign that crippled much of Ukraine's internet and power grid. Currently, malware is used almost exclusively by cybercriminals, spies, and mercenary spyware authors who develop exploits for government-sponsored hacking and espionage operations. These groups typically remain in the shadows, preferring to continue their operations and keep their tools hidden to avoid cybersecurity advocates and law enforcement.
The other difference today is that the cybersecurity industry is estimated to be worth $250 billion. To combat the rise in malware attacks, the industry has specialized by necessity. Hypponen said defenders have moved from distributing software for free to paying services and products.
New inventions like computers and smartphones, which became popular in the early 2000s, are much harder to hack. Hypponen argued that if tools to hack iPhones or Chrome browsers cost six figures or even millions of dollars, they effectively make the cost of exploitation so high that only those with the resources, such as governments, can use them, rather than financially motivated cybercriminals. This is a huge win for consumers and a great job for the cybersecurity industry.
Image credit: Provided by Mikko Hypponen
From fighting spies and criminals to countering drones
In mid-2025, Hypponen pivoted from cybersecurity to another type of defense work. He became chief research officer at SensoFusion, a Helsinki-based company that develops counter-drone systems for law enforcement and the military.
Hypponen told me that what he saw happening in Ukraine, the drone war, motivated him to enter the developing new industry. As a Finnish citizen who serves in the reserves (“I can't tell you what I do, but I can tell you they don't give me a rifle because the keyboard is more destructive,” he says) and whose two grandfathers fought against the Russians, Hypponen is acutely aware of the enemy's presence just beyond his country's borders.
“This situation is very important to me,” he told me. “It's more meaningful to fight drones, not just the drones we see today, but the drones of the future,” he said. “We're on the side of humans against machines. This sounds a bit like science fiction, but that's very specifically what we're doing.”
Hypponen said that while the cybersecurity and drone industries may seem far apart, there are clear similarities between fighting malware and fighting drones. To combat malware, cybersecurity companies have devised mechanisms called signatures to identify what is malware and what is not, and to detect and block it. In the case of drones, Hypponen explained that defense includes building systems that can locate and jam wireless drones and recognize the frequencies used to control self-driving cars.
Hypponen explained that it is possible to identify and detect drones by recording their radio frequencies, known as IQ samples.
“From there we detect protocols and build signatures to detect unknown drones,” he said.
He also explained that by detecting the protocols and frequencies used to control a drone, it is possible to attempt a cyber attack against the drone. This can cause the drone's systems to malfunction and cause the drone to crash into the ground. “So in many ways, these protocol-level attacks are much easier because in the drone world, the first step is the last step,” Hypponen said. “Once a vulnerability is found, it’s over.”
It's not just his strategy for fighting malware and fighting drones that hasn't changed in his life. It's the same cat-and-mouse game in the world of drones: learning how to thwart threats, adversaries learning from them, and devising new ways to evade defenses. And the true identity of the enemy.
“I spent the majority of my career fighting Russian malware attacks,” he said. “I'm currently fighting Russian drone attacks.”