Black Hat 2025: Security Researcher Unpacks Cybercrime’s Evolution… and How AI Is Changing the Game – Source: www.techrepublic.com

Cybersecurity has come a long way. But the attackers haven’t stopped adapting.

That was the core message of Mikko Hypponen’s keynote Wednesday at Black Hat 2025, where the longtime researcher walked the audience through three decades of malware history, shifting motivations, and what defenders need to prepare for next.

In a talk titled “Three Decades in Cybersecurity: Lessons Learned and What Comes Next,” Hypponen reflected on the earliest viruses of the late 1980s — often written by pranksters for notoriety — and contrasted them with today’s financially motivated, targeted, and professionalized attacks.

“We don’t fight viruses anymore,” Hypponen told the crowd. “They’re no longer a thing. Yes, we have malware. But we almost never have malware that spreads automatically… Today’s attacks are quite different.”

The turning point in cybercrime

Hypponen, the chief research officer at WithSecure, has stood at the frontlines of cyber defense since 1991.

He’s tracked — and helped neutralize — some of the world’s most devastating digital threats: Code Red, Slammer, Conficker, Stuxnet, WannaCry, LockBit, and more. In fact, his team was the first to stop the infamous ILOVEYOU worm.

Early viruses, he explained, were often written by teenage boys looking to cause mischief; this involved surprising users with animations, messages, or system disruptions for fun. That changed with the rise of the internet and then again around 2003, which Hypponen called the biggest turning point in cybercrime: the moment malware became monetized.

“We started seeing malware that wasn’t just annoying — it was profitable,” he said.

Banking trojans, ransomware, and targeted attacks quickly followed, with sophisticated operations emerging across the globe. Today’s cybercrime gangs are branded, well-funded, and focused. They launch attacks with the goal of making millions… quietly.

“If your malware ends up on the front page of CNN, you’ve failed,” Hypponen noted. “Today’s attackers don’t want publicity. They want money.”

He pointed to the rise of ransomware, including attacks from North Korea, and organized groups like Alpha, as a major escalation. These attackers exploit vulnerable VPN servers, phish users, and often use cryptocurrency for untraceable payments. High-profile victims now include hospitals, casinos, schools, and governments.

“Nobody believes they’ll be the next one,” he added, “but anyone can be.”

AI and the new balance of power

Despite the rise of ransomware and digital extortion, Hypponen closed his keynote on a hopeful, if nuanced, note: Security today is better than ever.

“It doesn’t feel like it,” he acknowledged, “but if you step back and think about where we’ve been and where we are today, it’s like night and day.”

He cited locked-down platforms like the iPhone and Xbox as examples of how far defensive technology has come. But attackers have evolved, too. When systems are hardened, they go after people instead — phishing users, exploiting weak endpoints, and bypassing security layers by social engineering rather than brute force.

“If it’s smart, it’s vulnerable,” Hypponen reminded the audience.

Increasingly, defenders are turning to AI to level the field. While attackers may use AI for scanning and automation, Hypponen believes it’s one of the few areas where defenders may currently hold the advantage. From identifying zero-day vulnerabilities to improving threat detection in real time, AI is reshaping the frontlines.

“AI is the key,” he said. “It’s the biggest technological revolution I’ve seen in my life.”

But even the smartest tools require the right environment to succeed. Black Hat founder Jeff Moss, who introduced Hypponen, maintained that culture remains critical. Without the right foundation, he said, even the best strategies can fail.

“If the culture of your company isn’t right, strategy doesn’t matter,” Moss said. “Don’t go writing strategies that have no chance of surviving your culture.”

At this week’s Black Hat event, Cisco Talos AI security researcher Amy Chang is describing a novel method of breaking the guardrails of generative AI. Read TechRepublic’s interview with Chang about this technique called decomposition.