A further update, we changed our questions yesterday at around 10 am local time. My co-admin pointed out that if you check ACP->USERS AND GROUPS->Inactive Users you can typically see a list of recently registered users who haven't started spamming yet. The last one corresponded to when we changed the questions.
From this I conclude the spambots are likely not bypassing the Q&A.
On the matter of timely, we noticed an heavy increase about the time we updated to 3.0.9 and as I noted
P_I wrote:One UI change in 3.0.9 was a change to the copyright message -- so Google can be used to find forums running 3.0.9.
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams