After fighting malware for decades, the cybersecurity giant is now hacking drones
Mikko Hyppönen walks up and down the stage, with his trademark dark brown hair sitting on top of a beautiful teal suit. Being a seasoned speaker, he tries to make an important point to a room full of hackers and security researchers at one of the industry’s annual conferences.
“I often call this ‘cybersecurity Tetris’,” he tells the audience with a stern face, mocking the rules of the classic video game. If you complete an entire row of bricks, the row disappears, leaving the rest of the bricks to fall into a new row.
“So your successes disappear, while your failures accumulate,” he told the audience during his keynote address at Black Hat in Las Vegas in 2025. “The challenge we face as cybersecurity people is that our work is invisible … if you do your job perfectly, the end result is that nothing happens.”
However, Hyppönen’s work did not go unnoticed. As one of the industry’s longest-serving cybersecurity figures, he has spent more than 35 years fighting malware. When he started in the late 1980s, the word “malware” was far from everyday language; the words instead were computer “viruses” or “trojans.” The Internet was still something few people had access to, and some viruses relied on infecting computers with floppy disks.
Since then, Hyppönen estimated that he has analyzed thousands of different types of malware. And thanks to his regular speaking engagements at conferences around the world, he has become one of the most recognizable faces and respected voices in the cybersecurity community.
While Hyppönen has spent most of his life trying to prevent malware from getting into places it shouldn’t, he’s now doing the same, albeit a little differently: His new challenge is protecting people from drones.
Hyppönen, from Finland, told me during a recent interview that he lives about two hours from the Finnish-Russian border. Russia’s increasing hostility and its all-out invasion of Ukraine in 2022, with the majority of casualties reported to have come from unplanned airstrikes, led Hyppönen to believe that he could have a new impact by fighting drones.
For Hyppönen, it’s also a matter of recognizing that while there are still lingering problems to be solved in the world of cybersecurity – malware isn’t going anywhere and there are plenty of new problems on the horizon – the industry has made great strides over the past two decades. The iPhone, Hyppönen raised as an example, is a very secure device. Cybersecurity aspects of drone warfare, on the other hand, remain an unknown area.
From viruses and worms to malware and spyware…
Hyppönen got his start in cybersecurity by hacking video games in the 1980s. His passion for cybersecurity came from reverse engineering software to find a way to remove anti-criminal protections from a Commodore 64 game console. He learned to code by developing adventure games, and sharpened his reverse engineering skills by analyzing malware at his first job at the Finnish company Data Fellows, which later became the well-known antivirus maker F-Secure.
Since then, Hyppönen has been at the forefront of the fight against malware, seeing how it evolved.
In the early years, virus writers developed their malicious code mostly out of passion and curiosity to see what could be done with the code alone. While some cyberespionage existed, criminals had not yet found ways to monetize hacking by today’s standards, such as ransomware attacks. There was no cryptocurrency to facilitate extortion, or a criminal marketplace for stolen data.
Form.A, for example, was one of the most common viruses in the early 1990s, infecting computers via floppy disk. The version of that virus didn’t destroy anything – sometimes it just displayed a message on the person’s screen, and that was it. But the virus traveled around the world, including reaching research stations at the South Pole, Hyppönen told me.
Hyppönen talks about the infamous ILOVEYOU virus, which he and his colleagues were the first to discover in 2000. ILOVEYOU was wormable, meaning it could spread automatically from computer to computer. It arrived via email as a text file, called a love letter. If the target opens it, it will overwrite and corrupt other files on the person’s computer, and then send them to all their contacts.
The virus has infected more than 10 million Windows computers worldwide.
Malware has changed a lot since then. Almost no one creates malware as a hobby, and creating self-replicating malicious software is a guarantee that it will be caught by cybersecurity defenders who can quickly eliminate it, and catch its author.
No one does it for the love of the game anymore, according to Hyppönen. “The age of germs is definitely behind us,” he said.
It’s not uncommon now that we see self-propagating worms – with rare exceptions, such as the devastating WannaCry ransomware attack by North Korea in 2017; and the Russian-launched NotPetya hacking campaign later that year, which crippled much of Ukraine’s internet and power grid. Now, the malware is being used exclusively by cybercriminals, spies, and espionage agents who promote government-sponsored hacking and espionage operations. Those groups usually stay in the shadows, and want to keep their tools hidden to continue their operations and avoid cybersecurity guards or law enforcement.
Another difference today is that the cyber security industry is now estimated at $250 billion. The industry has done professional work, partly out of necessity, to combat the proliferation of malware attacks. Defenders have moved away from offering their software for free, making it a paid service or product, Hyppönen said.
Computers and new inventions like smartphones, which started working in the early 2000s, have become very difficult to hack. If tools to hack an iPhone or Chrome browser cost six hundred dollars or several million dollars, Hyppönen argued, this makes exploits so expensive that only those with high resources, such as governments, can use them, rather than financially motivated hackers. That’s a big win for consumers, and for the cybersecurity industry that’s a job well done.
From fighting spies and criminals… to fighting drones
In mid-2025, Hyppönen moved from cybersecurity to a different type of defense work. He became chief research officer at Sensofusion, a Helsinki-based company that develops anti-drone systems for law enforcement and the military.
Hyppönen told me that he was inspired to enter the emerging new industry because of what he saw happening in Ukraine, a war defined by drones. As a citizen of Finland, who works in military bases (“I can’t tell you what I do, but I can tell you that they don’t give me a gun because I damage the keyboard too much,” he tells me), and with two grandfathers who fought against the Russians, Hyppönen is well aware of the presence of the enemy on the border of his country.
He tells me: “The situation is very important to me. “It’s very important to work against drones, not just the drones we see today, but also the drones of tomorrow,” he says. “We’re on the side of people against machines, which sounds a little like science fiction, but that’s what we’re clearly doing.”
The cybersecurity and drone industries may seem like different languages, but there are clear similarities between the fight against malware and the fight against drones, according to Hyppönen. To combat malware, cybersecurity companies have come up with methods, known as signatures, to identify what is and isn’t malware and find and block it. In the case of drones, Hyppönen explained, defense involves building systems that can detect and install radio drones, and by detecting the frequencies used to control autonomous vehicles.
Hyppönen explained that it is possible to identify and locate drones by recording their radio waves, known as their IQ samples.
“We’re seeing a protocol there and we’ve created signatures to detect unknown drones,” he said.
He also explained that if you find the protocol and frequencies used to control the drone, you can try to carry out cyberattacks against it. You can disable the drone’s system, and crash the drone to the ground. “So in many ways, these protocol-level attacks are much, much easier in the drone world because the first step is the last step,” Hyppönen said. “If you get a risk, you’re done.”
The anti-malware and anti-drone strategy is not the only thing that has not changed in his life. The cat-and-mouse game of learning how to stop a threat, then the enemy learning from that and devising new ways to circumvent the defense, and so on, is the same in the world of drones. Then, there is the identity of the enemy.
“I spent most of my career fighting Russian malware attacks,” he said. “Now I’m fighting a Russian drone attack.”
