After fighting malware for decades, this cybersecurity expert is now hacking drones

Mikko Hypponen moves back and forth on stage, his signature dark blonde hair in a ponytail over an impeccable blue suit. An experienced speaker, he tries to make an important point to a room full of fellow hackers and security researchers at one of the industry’s annual global meetups.

“I often call this ‘cybersecurity Tetris,’” he tells the audience with a serious face, reeling off the rules of the classic video game. When you complete a full line of bricks, the row disappears, leaving the rest of the bricks to fall on a new line.

“So your successes disappear, while your failures accumulate,” he told the audience during his keynote at Black Hat in Las Vegas in 2025. “The challenge we face as people in cybersecurity is that our work is invisible… When you do your job well, the end result is that nothing happens.”

However, Hypponen’s work was certainly not invisible. As one of the longest-serving figures in cybersecurity, he has spent more than 35 years fighting malware. When it began in the late 1980s, the term “malware” was still far from everyday language; The terms were instead computer “virus” or “Trojan horses.” The Internet was still available to only a few people, and some viruses relied on infecting computers with floppy disks.

Since then, Hypponen estimates he has analyzed thousands of different types of malware. Thanks to his frequent talks at conferences around the world, he has become one of the most recognizable faces and respected voices in the cybersecurity community.

While Hyppönen has spent much of his life trying to prevent malware from getting places it’s not supposed to, now he’s still doing much of the same thing, albeit with a slightly different tack: his new challenge is protecting people from drones.

Hypponen, a Finn, told me during a recent interview that he lives about two hours from Finland’s border with Russia. An increasingly hostile Russia and its large-scale invasion of Ukraine in 2022, where the majority of deaths were reported to have come from drone attacks, made Hypponen believe he could have a renewed impact through drone combat.

For Hyppönen, it’s also about realizing that while there are still long-standing problems to be resolved in the world of cybersecurity — malware isn’t going anywhere and there are plenty of new problems on the horizon — the industry has made great strides over the past two decades. The iPhone, which Hyppönen cited as an example, is a very secure device. On the other hand, the cybersecurity aspects of drone warfare remain almost uncharted territory.

From viruses and worms to malware and spyware…

Hyppönen got an early start in cybersecurity by hacking video games during the 1980s. His love of cybersecurity came from reverse engineering software to discover a way to remove anti-hacking protections from the Commodore 64 gaming console. He learned programming by developing adventure games, and honed his reverse engineering skills by analyzing malware in his first job at Finnish company Data Fellows, which later became the popular antivirus software maker F-Secure.

Since then, Hyppönen has been on the front lines of the fight against malware, and has witnessed how it has evolved.

In the early years, virus authors developed their malicious code often out of passion and curiosity to see what was possible with code alone. Although there is some online espionage, hackers have not yet discovered ways to monetize hacking by today’s standards, such as ransomware attacks. There was no cryptocurrency to facilitate blackmail, nor a criminal market for stolen data.

For example, Form.A was one of the most popular viruses in the early 1990s, infecting computers with floppy disks. A version of this virus didn’t destroy anything, and sometimes it just displayed a message on the person’s screen, and that was it. But the virus has traveled around the world, including landing at research stations in Antarctica, Hypponen told me.

Hypponen talked about the infamous ILOVEYOU virus, which he and his colleagues were the first to discover in 2000. The ILOVEYOU virus was wormable, meaning it spread spontaneously from computer to computer. It arrived via email as a text file, purporting to be a love letter. If the target opens it, it will overwrite and destroy some files on the person’s computer, and then send the same to all of their contacts.

The virus has infected more than 10 million Windows computers worldwide.

Malware has changed dramatically since then. Virtually no one develops malware as a hobby, and creating self-replicating malware is practically a guarantee that it will be caught by cybersecurity defenders who are able to quickly neutralize it, and perhaps arrest its author.

No one does it for the love of the game anymore, according to Hypponen. “The era of viruses is firmly behind us,” he said.

We rarely see self-propagating worms now — with rare exceptions, like North Korea’s devastating WannaCry ransomware attack in 2017; and the mass NotPetya hacking campaign launched by Russia later that year, which crippled much of the Ukrainian Internet and power grid. Now, malware is used almost exclusively by cybercriminals, spies, and mercenary spyware makers who develop government-backed hacking and espionage exploits. These groups usually stay in the shadows, wanting to hide their tools to continue their activities and to avoid cybersecurity advocates or law enforcement.

Other differences today are that the cybersecurity industry is now valued at $250 billion. The industry has professionalized, partly out of necessity, to combat the increase in malware attacks. Advocates have gone from giving away their software for free to turning it into a paid service or product, Hypponen said.

Computers and newer inventions like smartphones, which began appearing in the early 2000s, are becoming more difficult to hack. Hypponen argues that if the tools needed to hack an iPhone or Chrome browser cost six figures or even a few million dollars, that makes exploitation so expensive that it can only be used by those with high resources, such as governments, rather than financially motivated cybercriminals. This is a huge win for consumers, and for the cybersecurity industry, a job well done.

From fighting spies and criminals… to confronting drones

In mid-2025, Hypponen switched from cybersecurity to a different type of defense work. He became chief research officer at Sensofusion, a Helsinki-based company developing a counter-drone system for law enforcement agencies and the military.

Hypponen told me the impetus for entering a new, cutting-edge industry was what he saw happening in Ukraine, a war defined by drones. As a Finnish citizen serving in the military reserves (“I can’t tell you what I do, but I can tell you they don’t give me a rifle because I’m much more destructive with a keyboard,” he told me), and having two grandfathers who fought Russians, Hypponen is keenly aware of the presence of an enemy on his country’s borders.

“The situation is very important to me,” he told me. “It is more important to work on combating drones, not just the drones we see today, but also the drones of the future,” he said. “We’re siding with humans against machines, which sounds a bit like science fiction, but that’s what we’re doing in a very tangible way.”

The cybersecurity and drone industries may seem far apart, but there are clear similarities between anti-malware and anti-drone, according to Hypponen. To combat malware, cybersecurity companies have come up with mechanisms, known as signatures, to determine what is and is not malware and then detect and block it. In the case of drones, Hypponen explained, defenses include building systems that can locate and jam drones, and by recognizing the frequencies used to control autonomous vehicles.

Hypponen explained that it is possible to identify and detect drones by recording their radio frequencies, known as their IQ samples.

“We figure out the protocol from there and build signatures to detect unknown drones,” he said.

He also explained that if you discover the protocol and frequencies used to control the drone, you can also try to carry out cyber attacks against it. You can cause a malfunction in the drone’s system, crashing the drone to the ground. “So, in many ways, these protocol-level attacks are much easier in the drone world because the first step is the last step,” Hypponen said. “If you find a vulnerability, you’re done.”

The anti-malware and anti-drone strategy is not the only thing that has not changed in his life. The cat-and-mouse game of learning how to stop a threat, and then the enemy learning from that and devising new ways to get around defenses, etc., is the same in the world of drones. Then, there is the identity of the enemy.

“I’ve spent a significant portion of my career fighting Russian malware attacks,” he said. “Now I’m fighting Russian drone attacks.”