Nessus generates too much noise because a lot of ports are being scanned. So the scanning tool is likely to be noticed. A hacker will usually try to get access via one port only in order not to draw attention to himself. Also the hacker usually already knows the vulnerabilities of the target before attacking it.
Also, a hacker has some other tools: social engineering, dumpster diving that you can't scan for but must use quite other techniques to counter. And if the hacker has physical access to the network, packet sniffing tools like ethereal and snort can be used.