Mikko Hyppönen strides repeatedly across the platform, his distinctive dark blonde ponytail settled neatly against a flawless teal ensemble. An experienced orator, he endeavors to convey a crucial message to an auditorium packed with fellow digital security experts and researchers at a prominent global yearly gathering of the sector.
“I frequently refer to this as ‘cybersecurity Tetris’,” he informs the attendees gravely, enunciating the principles of the renowned video game. Upon finishing an entire line of blocks, that sequence disappears, allowing the remaining blocks to descend into a fresh configuration.
“Thus, your triumphs vanish, concurrently with your setbacks accumulating,” he explains to the assembly during his main address at Black Hat in Las Vegas in 2025. “The predicament we encounter as cybersecurity professionals is the imperceptible nature of our efforts… when your duties are executed flawlessly, the ultimate outcome is an absence of incidents.”
Hyppönen’s contributions, nevertheless, have unequivocally not gone unnoticed. As a prominent and long-standing personality in the cybersecurity field, he has dedicated over 35 years to combating malicious software. When his career commenced in the late 1980s, the word “malware” was far from common vocabulary; instead, the expressions used were computer “virus” or “trojans.” The internet remained largely inaccessible to most individuals, and certain viruses depended on infecting machines via floppy disks.
From that period onward, Hyppönen estimates having scrutinized thousands of distinct types of malicious software. Owing to his numerous presentations at conventions globally, he has emerged as one of the most identifiable figures and esteemed spokespersons within the cybersecurity sphere.
Although Hyppönen has dedicated a significant portion of his existence to preventing malicious software from infiltrating unauthorized locations, he continues much of the same work, albeit with a subtly altered approach: His latest endeavor is safeguarding individuals from unmanned aerial vehicles.
Hyppönen, a native of Finland, disclosed in a recent discussion that his residence is approximately two hours from the Finnish-Russian frontier. A progressively antagonistic Russia and its extensive 2022 incursion into Ukraine, where most fatalities have reportedly resulted from drone assaults, have convinced Hyppönen he can make a fresh contribution by combating drones.
For Hyppönen, it is additionally about acknowledging that although persistent challenges endure within the realm of cybersecurity — malicious software will persist and numerous novel issues loom — the sector has achieved remarkable progress over the past two decades. An iPhone, as Hyppönen cited, serves as a highly fortified gadget. The digital security dimensions of drone warfare, conversely, largely constitute unexplored domains.
From digital contagions and creeping programs to malicious software and surveillance tools…
Hyppönen began his journey in cybersecurity prematurely by illicitly modifying video games throughout the 1980s. His passion for digital security stemmed from deconstructing software to ascertain a method for circumventing anti-piracy measures on a Commodore 64 gaming system. He acquired programming expertise by creating adventure games, and refined his reverse engineering capabilities through examining malicious software at his inaugural position with the Finnish firm Data Fellows, subsequently known as the renowned antivirus producer F-Secure.
Ever since, Hyppönen has been at the forefront of the battle against malicious software, observing its development.
During the initial period, creators of viruses frequently crafted their harmful code purely from enthusiasm and a desire to explore the limits of standalone programming. Although a degree of cyber espionage was present, digital intruders had not yet found means to commercialize their illicit activities by contemporary benchmarks, such as ransomware assaults. Neither cryptocurrency existed to aid blackmail, nor a clandestine market for purloined information.
Form.A, for instance, represented one of the prevalent viruses of the early 1990s, disseminating infection to computers via a floppy disk. One variant of that virus caused no destruction — occasionally merely presenting a message on the user’s display, and nothing more. However, the virus proliferated globally, even reaching research outposts at the South Pole, as Hyppönen recounted.
Hyppönen narrated the story of the notorious ILOVEYOU virus, which he and his associates were the initial ones to detect in 2000. ILOVEYOU possessed worm-like properties, implying its self-propagation from one computing device to another. It manifested through electronic mail as a text document, seemingly a declaration of affection. Should the recipient open it, it would overwrite and damage certain files on their machine, subsequently transmitting itself to all their contacts.
This malicious program contaminated more than 10 million Windows-based personal computers across the globe.
Malicious software has undergone profound transformations since that time. Scarcely anyone crafts malicious code for leisure anymore, and devising self-replicating harmful software almost assures its detection by cybersecurity experts adept at rapid neutralization, and potentially apprehending its creator.
Nobody engages in it for sheer enjoyment any longer, as per Hyppönen. “The era of digital contagions is definitively in the past,” he stated.
We rarely observe self-propagating worms these days — save for uncommon instances, like the devastating WannaCry ransomware assault by North Korea in 2017; and the NotPetya large-scale cyberattack initiated by Russia subsequent to that year, which severely impaired a significant portion of Ukraine’s internet and electrical infrastructure. Presently, malicious software is almost solely employed by digital offenders, covert agents, and commercial spyware developers who engineer vulnerabilities for state-sponsored cyber-intrusion and intelligence gathering. These entities usually operate clandestinely, desiring to conceal their implements to persist in their operations and evade cybersecurity specialists or legal authorities.
Additional distinctions today include the cybersecurity sector now being valued at an estimated $250 billion. The sector has undergone professionalization, partly out of urgency, to counter the surge in malicious software assaults. Protectors transitioned from distributing their software gratuitously to transforming it into a remunerated service or commodity, Hyppönen noted.
Computing devices and more recent innovations such as mobile phones, which gained widespread adoption in the early 2000s, have grown considerably more challenging to infiltrate. Should the instruments required to breach an iPhone or the Chrome browser command a six-figure sum or even several million dollars, Hyppönen contended, this renders such an exploit so costly that only well-funded entities, such as governments, can deploy them, as opposed to financially driven cybercriminals. That constitutes a significant triumph for consumers, and for the cybersecurity sector, it signifies a task commendably executed.
From combating secret agents and offenders… to opposing unmanned aerial vehicles
By mid-2025,
Hyppönen transitioned his expertise from digital security to an alternative form of protective endeavor. He assumed the role of head of research at Sensofusion, a Helsinki-headquartered enterprise that engineers a counter-drone solution for legal authorities and the armed forces.
Hyppönen explained to me that his drive to enter this burgeoning field stemmed from the events he witnessed in Ukraine, a conflict largely defined by unmanned aerial vehicles. As a Finnish national serving in the military reserve corps (“I can’t disclose my specific duties, but I can assure you they don’t arm me with a rifle because I inflict far more damage with a keyboard,” he confided), and with both his grandfathers having battled Russian forces, Hyppönen possesses a keen awareness of an adversary’s proximity just across his homeland’s frontier.
“This circumstance holds immense significance for me,” he conveyed. “It holds greater purpose to dedicate efforts to combating drones, not merely the unmanned aircraft we encounter today, but also the advanced devices of tomorrow,” he stated. “Our stance aligns with humanity against automated systems, which might sound a bit like speculative fiction, but it precisely describes our tangible actions.”
While the digital security and unmanned aerial vehicle sectors might appear vastly dissimilar, Hyppönen highlighted distinct similarities between combating malicious software and countering drones. For instance, to tackle malware, digital security firms have devised methods, commonly termed signatures, to distinguish between legitimate and malicious code, subsequently discovering and impeding its operation. Regarding unmanned aircraft, Hyppönen elucidated that defensive strategies entail constructing apparatuses capable of pinpointing and disrupting radio-controlled UAVs, primarily by identifying the frequencies employed to command these self-governing craft.
Hyppönen elucidated the feasibility of pinpointing and discerning drones by logging their unique radio wave patterns, referred to as their IQ sample data.
“From that data, we discern the communication protocol and develop identifiers for pinpointing unidentified unmanned aircraft,” he stated.
Additionally, he elaborated that should one identify the communication protocol and frequencies governing an unmanned aerial vehicle, it becomes possible to launch digital assaults against it. One can induce a system failure in the drone, forcing it to impact the terrain. “Consequently, in numerous respects, these assaults at the protocol layer are considerably simpler within the realm of drones because the initial discovery often represents the final requirement,” Hyppönen remarked. “Should you uncover a weakness, your objective is achieved.”
The tactical approach to combating malicious software and countering drones is not the sole constant throughout his career. The perpetual chase of discovering methods to neutralize a menace, followed by the adversary assimilating that knowledge and conceiving novel means to circumvent safeguards, and so on ceaselessly, remains identical within the domain of unmanned aircraft. Furthermore, there’s the adversary’s identity.
“A significant portion of my professional life was dedicated to countering Russian malicious software incursions,” he remarked. “Currently, I am engaged in combating Russian unmanned aerial vehicle assaults.”
{content}
Source: {feed_title}