Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Mikko Hyppönen is strutting around the pitch, his black ponytail tucked into a sleek suit. A gifted speaker, he tries to make an important point to a room full of fellow hackers and security researchers at an annual international conference.
“I often call it ‘cybersecurity Tetris’,” he tells the audience with a sad face, ignoring the rules of the classic video game. When you complete an entire row of bricks, the row ends, leaving the rest of the bricks to fall into a new row.
“So your successes go away, while your failures pile up,” he tells the audience in the time of his knowledge at Black Hat in Las Vegas in 2025. “The problem we face as cyber security people is that our work is invisible… when you do your job perfectly, the result is that nothing happens.”
Hyppönen’s work, however, did not appear. As one of the longest-serving cyber security figures, he has spent more than 35 years fighting malware. When he started in the late 1980s, the word “malware” was still far from an everyday word; the term was instead “computer viruses” or “trojans.” The Internet was still only a few people had access to, and some viruses depended on infecting computers with it floppy disks.
Since then, Hyppönen says he has analyzed many types of crime. And thanks to his frequent speaking engagements at conferences around the world, he has become one of the most recognized and respected voices in the cyber security community.
Although Hyppönen has spent most of his life trying to keep malware out of places it shouldn’t, he’s now doing the same, albeit in a slightly different way: His new challenge is protecting people from drones.
Hyppönen, who is from Finland, told me recently that he lives near the border between Finland and Russia. Russia’s escalation and full-scale invasion of Ukraine in 2022, where many die said to have come from unmanned aerial attacks, leading Hyppönen to believe that they may also have a problem with drones.
For Hyppönen, it is a matter of recognizing that despite the problems that have existed for a long time to solve in the world of cybersecurity – malware is not going anywhere and there are many problems on the horizon – the industry has made great progress in the last two decades. The iPhone, Hyppönen raised as an example, is a very secure device. The cybersecurity aspects of drone warfare, on the other hand, remain an unknown area.
From viruses and worms to malware and spyware…
Hyppönen’s early start in cybersecurity was hacking video games in the 1980s. His love for cybersecurity came from engineering programs to find a way to remove anti-piracy protections for Commodore 64 games. He learned to code by creating fun games, and developed his technical skills by analyzing malware in his first job at the Finnish company Data Fellows, which later became the well-known antivirus maker F-Secure.
Since then, Hyppönen has been on the front lines of the fight against malware, seeing how it has evolved.
In the early years, virus writers created their malicious code often out of curiosity and curiosity to see what could be done with the code itself. Although some cyberespionage existed, hackers had not yet found ways to make money based on today’s standards, such as ransomware attacks. There was no cryptocurrency to facilitate extortion, or a criminal market for stolen data.
Form Afor example, it was one of the most common viruses in the early 1990s, which destroyed computers and floppy disks. The type of virus did not harm anything – sometimes it just displayed a message on the person’s picture, and that was it. But the virus traveled all over the world, including to a research facility at the South Pole, Hyppönen told me.
Hyppönen told about famous people ILOVEYOU viruswhich he and his colleagues were the first to discover in 2000. ILOVEYOU was wormable, meaning that it spread itself from computer to computer. It arrived via email as a text file, called a love letter. If the target is opened, it overwrites and destroys other files on the person’s computer, and then sends itself to all contacts.
The virus has affected more than 10 million Windows computers worldwide.
Malware has changed a lot since then. Almost no one creates malware as a hobby, and creating malicious programs that replicate themselves is guaranteed to be caught by cybersecurity experts who can solve it quickly, and catch its author.
No one does this for the love of the game, according to Hyppönen. “The generation of viruses is behind us,” he said.
We don’t usually see self-spreading worms – except for rare ones, such as pests WannaCry ransomware attack and North Korea in 2017; and the NotPetya mass destruction campaign introduced by Russia Later that year, what shut down most of Ukraine’s internet and power grid. Now, malware is only used by cybercriminals, spies, and professional espionage experts who create opportunities for government-sponsored hacking and espionage. These groups often live in the shadows, and want to hide their assets in order to continue their operations and avoid cyber security or law enforcement.
Another difference today is that the cyber security industry is estimated to be worth $250 billion. These companies have acted strategically, in part as a matter of necessity, to deal with the increasing number of malware attacks. Defenders stopped offering their software for free, turning it into a paid service or product, Hyppönen said.
Computers and new innovations such as cell phones, which started ringing in the early 2000s, have become increasingly difficult to hack. If the tools to hack the iPhone or Chrome browser costs five figures or several million dollars, Hyppönen argued, this is better to make exploits very expensive so that only those found, such as governments, can use them, instead of money to encourage cybercriminals. It’s a huge win for consumers, and cybersecurity companies are a great service.
From fighting spies and terrorists… to countering drones
In mid-2025, Hyppönen moved from cybersecurity to another defense project. He became chief research officer at Sensofusion, a Helsinki-based company that develops anti-drone systems for law enforcement and the military.
Hyppönen told me that he was inspired to enter the new emerging industry because of what he saw happening in Ukraine, a war defined by drones. As a Finnish citizen, who works in the military reserves (“I can’t tell you what I do, but I can tell you that they don’t give me a gun because I do so much damage with the keyboard,” he tells me), and with two grandparents who fought against Russia, Hyppönen is well aware of the presence of the enemy on the borders of his country.
“This situation is very important to me,” he tells me. “It’s very effective against drones, not just the drones we see today, but the drones of tomorrow,” he said. “We’re on the side of people versus machines, which sounds like science fiction, but that’s what we do.”
The cybersecurity and drone industries may seem unrelated, but there are parallels between the fight against malware and the fight against drones, according to Hyppönen. To combat malware, cybersecurity companies have come up with techniques, known as signatures, to identify what is and isn’t malware and identify and block it. In the case of drones, Hyppönen explained, security includes building systems that can find and jam radio drones, as well as identifying the frequencies used to control autonomous vehicles.
Hyppönen explained that it is possible to recognize and identify drones by recording their radio signals, known as their IQ models.
“We detect the pattern from there and create a signal to find the unknown drones,” he said.
He also explained that if you see the pattern and frequency used to operate a drone, you can also try to perform cyberattacks against it. You can cause the drone’s systems to malfunction, causing the drone to crash. “So in many ways, attacking these protocols is very, very easy in the drone world because the first step is the last step,” Hyppönen said. “Once you get a threat, you’re done.”
The fight against malware and the fight against drones is not the only thing that has not changed in his life. The cat and mouse game of learning how to stop a threat, and then the enemy learning from that and developing new defenses, and beyond, is the same in the world of drones. And then, there is the identification of the enemy.
“I have spent a large part of my career fighting Russian criminal arms,” he said. “Now I’m fighting Russian drones.”